Generate an SSL Certificate for Proxmox GUI
Generate an SSL Certificate for Proxmox GUI
An SSL certificate is a way to secure the connection between your website and the user’s browser. It’s important to have one if you want to protect your website and the information that is exchanged between it and the users. In this article, we will show you how to generate an SSL certificate for your Proxmox GUI, which is a web-based interface for managing virtual machines.
You may want to check my article on Generate a SAN certificate where I have detailed the process in greater details, and even how to convert the certificate to a PFX file for Microsoft Windows.
Defining the SAN certificate san.cnf
The first step is to create a response file, which will contain information about your organization and the domain names and IP addresses that you want to include in the certificate. You will need to replace the values in this file with the appropriate values for your own domain and aliases.
This file here is named san.cnf, but it could have any name such as certificate.conf or even contain the hostname, however, it should contain the following information:
[req] distinguished_name = req_distinguished_name req_extensions = req_ext prompt = no [req_distinguished_name] C = CH ST = VD L = Lausanne O = MyCompany OU = MyDept CN = myhost.fqdn.local [req_ext] subjectAltName = @alt_names [alt_names] IP.1 = 192.168.10.1 IP.2 = 192.168.10.2 IP.3 = 192.168.10.3 IP.4 = 192.168.10.4 DNS.1 = myhost.mycompanydomain.com DNS.3 = myhost.mycompanydomain.com DNS.4 = myhost2.mylegacycompanydomain.com DNS.6 = myhost2.mycompanydomain.com
You should replace the values in the distinguished_name and alt_names sections with the appropriate values for your own domain and aliases. The distinguished_name section contains information about your organization, while the alt_names section contains the IP addresses and domain names that you want to include in the certificate. It is a key aspect to generate an SSL certificate for Proxmox GUI.
Next, you will use the response file to generate a certificate request. You will need to run a command in the terminal to do this. The command will generate two files: a certificate request file and a private key file. Once you have created the response file, you can use it to generate the certificate request. To do this, you will need to run the following command:
openssl req -out myhost.csr -newkey rsa:2048 -nodes -keyout myhost.key -config san.cnf
This command will generate two files: myhost.csr and myhost.key. The myhost.csr file is the certificate request file that you will need to submit to your own Certificate Authority, while the myhost.key file is the private key that will be used to secure the certificate.
You can submit the file to both a private or public Certificate Authority, but note that a public Certificate Authority will only deliver certificates for public domain names and you will need to demonstrate that you own it. Similarly, you won’t be able to cover IP addresses with a public Certificate Authority, so remove IP.1 to IP.4, in the above file if you plan to use a public CA.
Install the certificate
Finally, you will need to upload the certificate request file and the private key file to the Proxmox GUI, and configure it to use the SSL certificate. After that, your Proxmox GUI should be accessible securely via https, and your own domain and aliases should be covered by the certificate.
It’s important to keep all the files generated in a safe location and also keep a backup of your private key. If you lose it, you won’t be able to use the certificate, and you will need to generate a new one.
Conclusion
In conclusion, generating an SSL certificate for your own domain and aliases is not difficult but it does require some technical knowledge. By following the steps outlined in this article, you will be able to secure your Proxmox GUI and provide a secure connection for your users.
