proxmox-mirrors/pmg-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pmg-docs synced 2025-05-28 12:46:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fd3c20c24b
pmg-docs/pmg-ssl-certificate.adoc
Dietmar Maurer 0fe083dc95 add node how to update ssl cert on cluster
2018-01-30 09:28:51 +01:00

70 lines
2.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

SSL certificate
---------------
Access to the administration web interface is always done via
`https`. The default certificate is never valid for your browser and
you get always warnings.
If you want to get rid of these warnings, you have to generate a valid
certificate for your server.
Login to your Proxmox via ssh or use the console:
----
openssl req -newkey rsa:2048 -nodes -keyout key.pem -out req.pem
----
Follow the instructions on the screen, see this example:
----
Country Name (2 letter code) [AU]: AT
State or Province Name (full name) [Some-State]:Vienna
Locality Name (eg, city) []:Vienna
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Proxmox GmbH
Organizational Unit Name (eg, section) []:Proxmox Mail Gateway
Common Name (eg, YOUR name) []: yourproxmox.yourdomain.com
Email Address []:support@yourdomain.com
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: not necessary
An optional company name []: not necessary
----
After you finished this certificate request you have to send the file
`req.pem` to your Certification Authority (CA). The CA will issue the
certificate (BASE64 encoded) based on your request save this file as
`cert.pem` to your Proxmox.
To activate the new certificate, do the following on your Proxmox:
----
cat key.pem cert.pem >/etc/pmg/pmg-api.pem
----
The restart the API servers
----
systemctl restart pmgproxy
----
Test your new certificate by using your browser.
NOTE: To transfer files from and to your Proxmox, you can use secure
copy: If you desktop is Linux, you can use the `scp` command line
tool. If your desktop PC is windows, please use a scp client like
WinSCP (see http://winscp.net/).
Change Certificate for Cluster Setups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you change the API certificate of an active cluster node, you also
need to update the fingerprint inside the cluster configuration file
`cluster.conf`. It is best to edit that file on the master node.
To show the actual fingerprint use:
----
openssl x509 -in /etc/pmg/pmg-api.pem -noout -fingerprint -sha256
----
Reference in New Issue View Git Blame Copy Permalink