proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-05-30 00:04:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add section about pveproxy certificates

Browse Source
This commit is contained in:
Fabian Grünbichler 2016-04-15 13:16:03 +02:00 committed by Dietmar Maurer
parent 166e63d688
commit 98a741e0cf
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pveproxy.adoc
View File

@ -86,6 +86,23 @@ used.
NOTE: DH parameters are only used if a cipher suite utilizing the DH key NOTE: DH parameters are only used if a cipher suite utilizing the DH key
exchange algorithm is negotiated. exchange algorithm is negotiated.
Alternative HTTPS certificate
-----------------------------
By default, pveproxy uses the certificate '/etc/pve/local/pve-ssl.pem'
(and private key '/etc/pve/local/pve-ssl.key') for HTTPS connections.
This certificate is signed by the cluster CA certificate, and therefor
not trusted by browsers and operating systems by default.
In order to use a different certificate and private key for HTTPS,
store the server certificate and any needed intermediate / CA
certificates in PEM format in the file '/etc/pve/local/pveproxy-ssl.pem'
and the associated private key in PEM format without a password in the
file '/etc/pve/local/pveproxy-ssl.key'.
WARNING: Do not replace the automatically generated node certificate
files in '/etc/pve/local/pve-ssl.pem'/'etc/pve/local/pve-ssl.key' or
the cluster CA files in '/etc/pve/pve-root-ca.pem'/'/etc/pve/priv/pve-root-ca.key'.
ifdef::manvolnum[] ifdef::manvolnum[]
include::pve-copyright.adoc[] include::pve-copyright.adoc[]