Rinnovo certificati Proxmox: Difference between revisions

From RVM Wiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
mNo edit summary
mNo edit summary
Line 2: Line 2:
  Failed to start VNC server: The CA certificate /etc/pve/pve-root-ca.pem has expired
  Failed to start VNC server: The CA certificate /etc/pve/pve-root-ca.pem has expired


* Sul primo nodo del cluster
=Sul primo nodo del cluster=


  /bin/cp -f /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.old
  /bin/cp -f /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.old
Line 33: Line 33:
* Accedere ora via web
* Accedere ora via web


* Sugli altri nodi:
=Sugli altri nodi=


  cd /etc/pve
  cd /etc/pve
Line 42: Line 42:
  openssl req -new -key server.key -out server.csr  
  openssl req -new -key server.key -out server.csr  
  openssl x509 -req -in server.csr -CA pve-root-ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
  openssl x509 -req -in server.csr -CA pve-root-ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
mv -f server.key pve-ssl.key
mv -f server.pem pve-ssl.pem


  /bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key
  /bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key

Revision as of 14:47, 3 December 2022

Se non si riesce ad accedere, o non si visualizzano console, o non si resce a far partire VM per errori di certificato tipo: 

Failed to start VNC server: The CA certificate /etc/pve/pve-root-ca.pem has expired

Sul primo nodo del cluster

/bin/cp -f /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.old
/bin/cp -f /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.old
/bin/cp -f /etc/pve/local/pve-ssl.pem  /etc/pve/local/pve-ssl.pem.old


  • Mettere dati CA
cd /etc/pve

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem
  • Mettere nome cert server
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr 
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256

mv -f ca.pem pve-root-ca.pem
mv -f server.key pve-ssl.key
mv -f server.pem pve-ssl.pem

/bin/cp -f pve-root-ca.pem /etc/pve/pve-root-ca.pem
/bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key
/bin/cp -f pve-ssl.pem /etc/pve/local/pve-ssl.pem


  • Accedere ora via web

Sugli altri nodi

cd /etc/pve
  • Mettere nome cert server
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr 
openssl x509 -req -in server.csr -CA pve-root-ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256

mv -f server.key pve-ssl.key
mv -f server.pem pve-ssl.pem

/bin/cp -f pve-ssl.key /etc/pve/local/pve-ssl.key
/bin/cp -f pve-ssl.pem /etc/pve/local/pve-ssl.pem

service pveproxy restart
service pvedaemon restart
  • Accedere ora via web

Riferimenti

Retrieved from "https://kb.rvmgroup.it/index.php?title=Rinnovo_certificati_Proxmox&oldid=10867"