From: Dietmar Maurer Date: Thu, 11 Jan 2018 11:12:53 +0000 (+0100) Subject: add SSL ceriticate generation doc X-Git-Url: https://git.proxmox.com/?p=pmg-docs.git;a=commitdiff_plain;h=ae62f1b78d71380644d8ec9d2dd58793aa3f35e7 add SSL ceriticate generation doc --- diff --git a/pmg-admin-guide.adoc b/pmg-admin-guide.adoc index 6ba5269..6dbb460 100644 --- a/pmg-admin-guide.adoc +++ b/pmg-admin-guide.adoc @@ -100,6 +100,63 @@ include::pmg-bibliography.adoc[] :leveloffset: 0 +[appendix] +SSL certificate +--------------- + +Access to the administration web interface is always done via +`https`. The default certificate is never valid for your browser and +you get always warnings. + +If you want to get rid of these warnings, you have to generate a valid +certificate for your server. + +Login to your Proxmox via ssh or use the console: + +---- +openssl req -newkey rsa:2048 -nodes -keyout key.pem -out req.pem +---- + +Follow the instructions on the screen, see this example: + +---- +Country Name (2 letter code) [AU]: AT +State or Province Name (full name) [Some-State]:Vienna +Locality Name (eg, city) []:Vienna +Organization Name (eg, company) [Internet Widgits Pty Ltd]: Proxmox GmbH +Organizational Unit Name (eg, section) []:Proxmox Mail Gateway +Common Name (eg, YOUR name) []: yourproxmox.yourdomain.com +Email Address []:support@yourdomain.com + +Please enter the following 'extra' attributes to be sent with your certificate request +A challenge password []: not necessary +An optional company name []: not necessary +---- + +After you finished this certificate request you have to send the file +`req.pem` to your Certification Authority (CA). The CA will issue the +certificate (BASE64 encoded) based on your request – save this file as +`cert.pem` to your Proxmox. + +To activate the new certificate, do the following on your Proxmox: + +---- +cat key.pem cert.pem >/etc/pmg/pmg-api.pem +---- + +The restart the API servers + +---- +systemctl restart pmgproxy +---- + +Test your new certificate by using your browser. + +NOTE: To transfer files from and to your Proxmox, you can use secure +copy: If you desktop is Linux, you can use the `scp` command line +tool. If your desktop PC is windows, please use a scp client like +WinSCP (see http://winscp.net/). + [appendix] Command Line Interface