How to Install an SSL Certificate on Proxmox

How to Install an SSL Certificate on Proxmox?

(2 votes, average: 4.00 out of 5)

A Step-by-Step Guide to Installing SSL Certificate on Proxmox

Installing an SSL certificate on Proxmox allows you to secure communication between the Proxmox host and clients connecting to it, ensuring data privacy and confidentiality. The process involves obtaining an SSL certificate from a trusted certificate authority, uploading the certificate files to Proxmox, and configuring the Proxmox host to use the certificate. It is important to follow the steps carefully to ensure a successful installation and maintain the security of your Proxmox environment. Let’s get started.

Generate CSR

You can generate a CSR code on Proxmox to secure your virtual environment with an SSL certificate from a trusted Certificate Authority (CA). A CSR, or Certificate Signing Request, is a block of encrypted code that contains important information about your domain and company identity. To obtain an SSL certificate, you must first generate a CSR code and send it to the certificate provider. You have two options to generate the CSR code: use an automatic CSR generator or follow a step-by-step tutorial on how to create the CSR on Proxmox.

Step 1: Gather the Required Installation Files

After receiving the SSL certificate from your Certificate Authority (CA), extract the contents of the ZIP folder on your device. To activate the SSL certificate on Proxmox, you need two files: fullchain.pem and private-key.pem.

The fullchain.pem file is a combination of your primary certificate and all intermediate certificates in a single PEM format, excluding the root certificate. The private-key.pem file is your private key in PEM format without a password. If your CA sends the root and intermediate certificates in separate files, or in a single .ca-bundle file, you’ll need to combine them into a single PEM file by copying and pasting the contents of each certificate into a text editor.

Step 2: Transferring the SSL Files to Proxmox

Once you have your two SSL files ready, transfer them to the appropriate locations in /etc/pve/nodes/<node>. Make sure to use the correct SSL files and nodes. Use the following commands:

cp fullchain.pem /etc/pve/nodes/<node>/pveproxy-ssl.pem

cp private-key.pem /etc/pve/nodes/<node>/pveproxy-ssl.key

Then, restart the web interface with the following command:

systemctl restart pveproxy

You should receive a system log indicating the use of the alternative SSL certificate (Using ‘/etc/pve/local/pveproxy-ssl.pem’ as the certificate for the web interface.).

Congratulations, you have successfully installed the SSL certificate on Proxmox Virtual Environment. When you access the web interface via journalctl -b -u pveproxy.service, you should see the new certificate. It’s important to note that the alternative certificate is only utilised by the web interface, which includes noVNC, but not by the Spice Console/Shell.

Verify Your SSL Installation

After you have completed the installation of an SSL certificate on Proxmox, it is crucial to carry out a thorough evaluation to detect any potential errors or vulnerabilities. For guidance on this matter, we have written an in-depth article that showcases the best SSL tools to help you scan your SSL installation.

Finding the Ideal SSL Certificate for Proxmox

When choosing an SSL certificate, it is important to consider factors such as validation type, cost, and customer service. At Cheap SSL Web, we provide a comprehensive range of SSL certificates, affordable pricing, and unparalleled customer support. Our SSL certificates come from well-respected Certificate Authorities and are fully compatible with the Proxmox Virtual Environment.