[PVE-User] ippc_send_rec AND/OR star/intermediate cert issue.

Paul Gray gray at cs.uni.edu
Mon Mar 28 02:00:38 CEST 2016

I upgraded a 5-node 3.x cluster this weekend.  The original cluster has
a valid commercial star-certificate + intermediate certificate for both
the proxy and inter-node communication.

It was working under the original configuration but I can't get things
working together with the commercial cert after migrating up to 4.0.

The host certificate is a *-certificate and uses an intermediate cert.

The error(s) that I'm getting arise when starting a kvm instance.  I'm

a) ipcc_send_rec failed: File too large


b) Failed to start VNC server: The certificate /etc/pve/pve-root-ca.pem
   basic constraints do not show a CA

I've been searching Google and the Proxmox forums for resolutions and
have been coming up short.  With these 2 errors I'm trying to figure out
if the first error causes the second, if their 2 distinct errors, or ???

The cert in /etc/pve/pve-root-ca.pm contains two certificates:
  1) the Digicert High Assurance CA
  2) the Digicert intermediate cert used by our institution.

The key and cert in /etc/pve/pve-ssl.{key,cert} consist of the actual
commercial cert components for the public-facing host details.

Certs are propagated through /etc/pve/nodes/<vmnum>/ as well.

Anyone have a valid link describing the use of intermediate certs, or
see something else that I'm missing?


More information about the pve-user mailing list