It has been a long time since my last post. My boxes have been working fine so far, and up until yesterday I had not noticed any issues. After updating Java on my machine I started to get errors concerning invalid certificates. I had previously installed new proper certs on my box, so that might have been the cause.
Regarding my certs: I use the built-in tools on pfSense to generate and manage all certs that I use on testing units. There I have a Root Certificate Authority set up, and its cert is installed on the machines I use to debug my test installations (to avoid paying for temporary and easily disposable certs). On it I had created a server cert for my Proxmox testing node and had it installed a long time ago.
Looking for solutions, I came across a post on how installing an intermediate certificate authority on the Proxmox node could solve this, and here is how I did it:
First I backed up all my old certs:
mv /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.bak
mv /etc/pve/pve-www.key /etc/pve/pve-www.key.bak
mv /etc/pve/priv/pve-root-ca.key /etc/pve/priv/pve-root-ca.key.bak
mv /etc/pve/priv/pve-root-ca.srl /etc/pve/priv/pve-root-ca.srl.bak
mv /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.bak
mv /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.bak
Then I regenerated them and restarted all the services:
pvecm updatecerts --force
service pvedaemon restart
service pveproxy restart
I then created a new Intermediate Certificate Authority and a Server Certificate on my pfSense by going to
System > Cert Manager > CA > Add. I filled in the details and then went to
Cert Manager > Certificate > Add and selected the previously created intermediate cert authority. I downloaded the server key and cert and the authority cert.
Here came the tricky part:
- The certificate authority cert became
- The server key was copied to
- The server cert was edited to include the certificate authority cert at the bottom and copied to
Restarted the services again and tested:
service pvedaemon restart
service pveproxy restart
All working fine now!
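
A check worth running on the downloaded files before restarting the services, as an added example that is not part of the original post: it confirms that the server key belongs to the server cert and that the cert with the CA cert appended at the bottom verifies against the root CA alone. It assumes the openssl CLI is available and that clients trust only the root CA; the function names, file names and the host name pve.example.test are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. All names and files are constructed; nothing touches /etc/pve.

# new_cert DIR NAME SUBJECT EXTFILE [ISSUER]: self-signed when ISSUER is omitted.
new_cert() {
  local d=$1 n=$2 subj=$3 ext=$4 ca=${5:-}
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
  if [ -z "$ca" ]; then
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 2 \
      -extfile "$ext" -out "$d/$n.crt" >/dev/null 2>&1
  else
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$ca.crt" -CAkey "$d/$ca.key" \
      -CAcreateserial -days 2 -extfile "$ext" -out "$d/$n.crt" >/dev/null 2>&1
  fi
}

# Build root CA -> intermediate CA -> server cert in a temp dir and print its path.
make_demo_pki() {
  local d
  d=$(mktemp -d) || return 1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:pve.example.test\n' > "$d/srv.ext"
  new_cert "$d" root '/CN=Demo Root CA' "$d/ca.ext" &&
    new_cert "$d" int '/CN=Demo Intermediate CA' "$d/ca.ext" root &&
    new_cert "$d" srv '/CN=pve.example.test' "$d/srv.ext" int || return 1
  # Server cert first, issuing CA cert appended at the bottom.
  cat "$d/srv.crt" "$d/int.crt" > "$d/bundle.pem"
  echo "$d"
}

# check_bundle KEY BUNDLE ROOT
# 0 = ok, 1 = unreadable input, 2 = key/cert mismatch, 3 = chain does not verify.
check_bundle() {
  local key=$1 bundle=$2 root=$3 k c
  k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ] || { echo "key does not match leaf cert" >&2; return 2; }
  # Trust only ROOT; every other issuer must come from the bundle itself.
  openssl verify -CAfile "$root" -untrusted "$bundle" "$bundle" >/dev/null 2>&1 ||
    { echo "chain incomplete or not trusted" >&2; return 3; }
}

d=$(make_demo_pki) || exit 1
check_bundle "$d/srv.key" "$d/bundle.pem" "$d/root.crt" && echo "cert with CA appended: ok"
check_bundle "$d/srv.key" "$d/srv.crt" "$d/root.crt" || echo "bare server cert: rejected ($?)"
rm -rf "$d"
```

With real files, call check_bundle with the downloaded server key, the edited server cert and the root CA cert; a return code of 3 means the intermediate is missing from the bundle or does not chain to that root.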