Proxmox certificate renewal: Difference between revisions
Created page with "If you cannot log in, or consoles are not displayed, or VMs cannot be started because of certificate errors such as: Failed to start VNC server: The CA certificate /e..." |
mNo edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
Failed to start VNC server: The CA certificate /etc/pve/pve-root-ca.pem has expired | Failed to start VNC server: The CA certificate /etc/pve/pve-root-ca.pem has expired | ||
=Sul primo nodo del cluster= | |||
cp /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.old | /bin/cp -f /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.old | ||
cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.old | /bin/cp -f /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.old | ||
cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.old | /bin/cp -f /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.old | ||
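Review bot: the new `/bin/cp -f` backup lines overwrite an existing `.old` file without asking, so running the procedure a second time replaces the only copy of the original CA, key and certificate with the files generated on the first run. Use a suffix that is unique per run (a date, for example) instead of a fixed `.old`, and remove `pve-ssl.key.old` once the renewal is confirmed, since it is a copy of a private key.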
| Line 16: | Line 16: | ||
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem | openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem | ||
* Mettere nome cert server | * Mettere nome cert server (la scadenza deve essere per forza inferiore a due anni) | ||
openssl genrsa -out server.key 2048 | openssl genrsa -out server.key 2048 | ||
openssl req -new -key server.key -out server.csr | openssl req -new -key server.key -out server.csr | ||
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days | openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 728 -sha256 | ||
mv -f ca.pem pve-root-ca.pem | mv -f ca.pem pve-root-ca.pem | ||
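Review bot: the `openssl x509 -req` line that gains `-days 728 -sha256` still signs the CSR without `-extfile`, so the issued `server.pem` carries no subjectAltName, and current browsers match host names against subjectAltName only. Pass an extension file listing the node's DNS names and IP addresses with `-extfile`, and add a word to the new parenthetical on why the lifetime has to stay under two years.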
| Line 33: | Line 33: | ||
* Accedere ora via web | * Accedere ora via web | ||
=Sugli altri nodi= | |||
cd /etc/pve | cd /etc/pve | ||
| Line 42: | Line 42: | ||
openssl req -new -key server.key -out server.csr | openssl req -new -key server.key -out server.csr | ||
openssl x509 -req -in server.csr -CA pve-root-ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256 | openssl x509 -req -in server.csr -CA pve-root-ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256 | ||
mv -f server.key pve-ssl.key | |||
mv -f server.pem pve-ssl.pem | |||
/bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key | /bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key | ||
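Review bot: the `openssl x509 -req` context line for the other nodes still uses `-days 3650`, while this same revision sets the first node to `-days 728` with the remark that the expiry must be under two years. Change it to `-days 728` here as well, or state why the other nodes are exempt from the limit.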
Latest revision as of 09:03, 5 December 2022
If you cannot log in, consoles are not displayed, or VMs fail to start because of certificate errors such as:
Failed to start VNC server: The CA certificate /etc/pve/pve-root-ca.pem has expired
On the first node of the cluster
/bin/cp -f /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.old
/bin/cp -f /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.old
/bin/cp -f /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.old
- Enter the CA details
cd /etc/pve
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem
- Enter the server certificate name (the expiry must be less than two years away)
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 728 -sha256
mv -f ca.pem pve-root-ca.pem
mv -f server.key pve-ssl.key
mv -f server.pem pve-ssl.pem
/bin/cp -f pve-root-ca.pem /etc/pve/pve-root-ca.pem
/bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key
/bin/cp -f pve-ssl.pem /etc/pve/local/pve-ssl.pem
- Now log in via the web interface
On the other nodes
cd /etc/pve
- Enter the server certificate name
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA pve-root-ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
mv -f server.key pve-ssl.key
mv -f server.pem pve-ssl.pem
/bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key
/bin/cp -f pve-ssl.pem /etc/pve/local/pve-ssl.pem
service pveproxy restart
service pvedaemon restart
- Now log in via the web interface
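A check that can be run on each node once pve-ssl.pem has been generated and before the services are restarted, as an added example that is not part of the original page: it confirms that the certificate verifies against pve-root-ca.pem, that pve-ssl.key belongs to it, and that its lifetime respects the under-two-years limit stated above. The function name check_pve_cert and the 730-day default are assumptions; it needs openssl and GNU date.

```bash
# Added example (not from the original page). check_pve_cert is a hypothetical
# helper name; the 730-day default is an assumed reading of "less than two years".
# Return codes: 0 ok, 1 chain failure, 2 key mismatch, 3 lifetime too long.
check_pve_cert() {
    local ca="$1" cert="$2" key="$3" max_days="${4:-730}"
    local start end lifetime

    # 1. The certificate must verify against the cluster root CA
    #    (this also fails when either certificate has expired).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca (wrong CA or expired)" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)" != \
         "$(openssl pkey -in "$key" -pubout | openssl sha256)" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 2
    fi

    # 3. Total lifetime (notAfter - notBefore) must stay below the limit.
    start=$(date -d "$(openssl x509 -in "$cert" -noout -startdate | cut -d= -f2)" +%s)
    end=$(date -d "$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)" +%s)
    lifetime=$(( (end - start) / 86400 ))
    if [ "$lifetime" -ge "$max_days" ]; then
        echo "FAIL: lifetime is $lifetime days, must be below $max_days" >&2
        return 3
    fi

    echo "OK: chain and key verified, lifetime $lifetime days"
    return 0
}

# Usage with the file names from this page:
#   cd /etc/pve && check_pve_cert pve-root-ca.pem pve-ssl.pem pve-ssl.key
```

Run against a certificate issued with the `-days 3650` used in the other-nodes commands, the function returns 3.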