Proxmox Install SSL/TLS Certificates

Published on Mar 07, 2025

Introduction

This tutorial will guide you through the process of installing a signed SSL/TLS certificate in Proxmox. You'll learn how to create a private key, generate a certificate signing request (CSR), obtain a signed certificate using OpenSSL, and install it through the Proxmox GUI. Additionally, we will cover the steps for setting up SSL/TLS certificates in a Proxmox cluster environment.

Step 1: Create the Private Key

To begin, you need to create a private key for your Proxmox server.

  1. Log in to your Root Certificate Authority (CA).
  2. Change to the CA directory:
    cd ca
    
  3. Generate the private key using OpenSSL:
    openssl genrsa -out private/pvenode1.key 2048
    

Step 2: Create the CSR Configuration File

Next, create a configuration file for the certificate signing request.

  1. Open a new configuration file with nano:

    nano csr/pvenode1-csr.conf
    
  2. Add the following configuration to the file:

    [ req ]
    default_bits  = 2048
    distinguished_name = req_distinguished_name
    req_extensions = req_ext
    prompt   = no
    
    [ req_distinguished_name ]
    countryName  = GB
    stateOrProvinceName = England
    organizationName = TempLab
    commonName  = pvenode1.templab.lan
    
    [ req_ext ]
    subjectAltName = @alt_names
    
    [ alt_names ]
    DNS.1 = pvenode1.templab.lan
    

Step 3: Generate the CSR

Now, generate the certificate signing request using the previously created private key and configuration file.

  1. Run the following command:
    openssl req -new -key private/pvenode1.key -sha256 -out csr/pvenode1.csr -config csr/pvenode1-csr.conf
    

Step 4: Create the Signed Certificate

With your CSR ready, you can create a signed certificate.

  1. Execute the command:
    openssl ca -config root-ca.conf -notext -in csr/pvenode1.csr -out certs/pvenode1.crt -extensions req_ext -extfile csr/pvenode1-csr.conf
    

Step 5: Upload the Key and Certificate

For standalone servers, use the GUI to upload the key and certificate.

  1. Use SFTP to transfer files to your Proxmox server.
  2. Connect to your Proxmox VE server and navigate to:
    /etc/pve/nodes
    
  3. Replicate the folder structure for each node (e.g., pve-node1, pve-node2, pve-node3).
  4. Copy the private keys and certificates to the correct folders and rename them:
    • pve-ssl.key
    • pve-ssl.pem
  5. Back up the existing files on the server by renaming them.

Step 6: Install Certificates for a Cluster

For cluster installations, you'll need to ensure all nodes have the updated certificates.

  1. Copy the new private keys and signed certificates from your local machine to the respective server folders.
  2. SSH into the Proxmox server.
  3. Restart the Proxmox service:
    systemctl restart pveproxy
    
  4. Verify that the new certificate is accepted.
  5. Repeat the restart process for other servers in the cluster.
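
A pre-install check for the key and certificate produced in Steps 1 to 4, added here as an example (not part of the original tutorial): it confirms that the certificate matches the private key, chains to the CA, and still carries the SAN that `-extensions req_ext -extfile` is meant to copy in. The throwaway CA, the `openssl x509 -req` signing used in place of `openssl ca`, and the names `check_cert` and `make_demo` are assumptions made for this demo.

```shell
# check_cert KEY CRT CA_CRT HOST: returns 0 only if all three checks pass.
check_cert() {
    key=$1 crt=$2 ca=$3 host=$4
    # 1. The certificate must carry the public half of this private key.
    pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "unreadable key"; return 1; }
    [ "$pub" = "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" ] ||
        { echo "key/cert mismatch"; return 1; }
    # 2. The certificate must chain to the CA the clients trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "not signed by this CA"; return 2; }
    # 3. The SAN must list the node's DNS name (exact match, one entry per line).
    openssl x509 -in "$crt" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$host" ||
        { echo "SAN missing DNS:$host"; return 3; }
    echo "ok"
}
# Constructed throwaway PKI for the demo. "openssl x509 -req" stands in for the
# "openssl ca" call of Step 4 so that no CA database is needed.
make_demo() {
    d=$1
    cat > "$d/csr.conf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
commonName = pvenode1.templab.lan
[ req_ext ]
subjectAltName = DNS:pvenode1.templab.lan
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/csr.conf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl genrsa -out "$d/node.key" 2048 2>/dev/null
    openssl req -new -key "$d/node.key" -sha256 -config "$d/csr.conf" -out "$d/node.csr"
    # Signed with the SAN section, as Step 4 does with -extensions/-extfile.
    openssl x509 -req -in "$d/node.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extensions req_ext -extfile "$d/csr.conf" \
        -out "$d/good.crt" 2>/dev/null
    # Signed without them: the resulting certificate has no SAN.
    openssl x509 -req -in "$d/node.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/nosan.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo "$demo"
check_cert "$demo/node.key" "$demo/good.crt" "$demo/ca.crt" pvenode1.templab.lan
check_cert "$demo/node.key" "$demo/nosan.crt" "$demo/ca.crt" pvenode1.templab.lan || true
```

Against real files, call `check_cert private/pvenode1.key certs/pvenode1.crt <path to your CA certificate> pvenode1.templab.lan` from the CA directory before copying anything to the node.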

Conclusion

You have successfully installed a signed SSL/TLS certificate in Proxmox. This not only helps secure your connection but also ensures that your server is trusted by clients. As a next step, consider reviewing Proxmox's documentation for advanced configurations or exploring additional security measures for your virtual environment.