This tutorial will show you how to generate a CSR code and install an SSL Certificate on Proxmox Virtual Environment. You will also learn a few interesting facts about Proxmox, as well as discover the best place to shop for affordable SSL Certificates.
If you’ve already generated the CSR Code and received the necessary SSL files, you can proceed straight to the installation instructions. Use the links below to jump between sections.
Generate a CSR code on Proxmox
To get an SSL Certificate from a trusted Certificate Authority (CA), every SSL applicant must generate a CSR code and send it to the certificate provider. CSR stands for Certificate Signing Request, a block of encrypted code with contact data such as domain and company identity.
Since Proxmox Virtual Environment is a based on Debian, we’ll create the CSR code using the SSH (secure shell) and OpenSSL utility which comes pre-installed on your server. Please follow the steps below:
- At the prompt, run the following command to create the CSR and private key:
openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr
Note: Replace mywebsite attribute with your actual domain name.
- Provide the required information about your domain and company:
- Country Name: type the official two-letter code of your country. For example, US
- State or Province: write the full name of the state or province where your company is officially registered. For example, Alabama
- City or Locality: enter the full name of the city where your company is located. For instance, Mobile
- Organization Name: specify the full legal name of your company. For example, Your Company LLC
- Organizational Unit Name: type the name of the department requesting the SSL certificate. For instance, IT or Web Administration
- Common Name: enter the FQDN (fully-qualified domain name) you want to secure. For example, yoursite.com. If you have a Wildcard certificate, add an asterisk in front of the domain (e.g., *.yoursite.com).
- Email address: provide a valid email address
- A challenge password: this field is optional you can leave it blank
- An optional company name: you can leave this field blank
That’s it! The OpenSSL utility will now create your CSR code along with the private key. To locate the newly generated files, use the
You can open the CSR file with any text editor of your choice such as Notepad. During the SSL order process, you’ll have to copy the entire CSR contents, including the BEGIN CERTIFICATE and END CERTIFICATE tags into the corresponding box, on your SSL vendor’s website.
Install an SSL Certificate on Proxmox
After your CA signs your SSL certificate and sends the SSL files to your inbox, you can begin the installation.
Note: The following instructions apply to Proxmox Virtual Environment version 4.1.20 or higher. Check your version of the PVE-manager and upgrade if necessary.
Prepare the installation files:
Download the ZIP folder that you received from your CA and extract the files on your device. To activate your SSL Certificate on Proxmox, you will need the following two files:
- fullchain.pem (your primary and all intermediate certificates, excluding the root certificate, merged into a single PEM format file)
- private-key.pem (your private key with PEM extension without a password)
Depending on your CA, you may receive your root and intermediate certificates in separate files, or in a single .ca-bundle file. For Proxmox, you’ll have to combine your primary and intermediate certs into a single PEM file. Use any text editor to copy-paste the contents of each certificate.
Copy the SSL files to Proxmox
- Once your two SSL files are ready, move them to the override locations in /etc/pve/nodes/<node>. Ensure that you’re using the correct SSL files and nodes.
cp fullchain.pem /etc/pve/nodes/<node>/pveproxy-ssl.pem
cp private-key.pem /etc/pve/nodes/<node>/pveproxy-ssl.key
- Next, restart the web interface using the
systemctl restart pveproxycommand.
- The system log should inform you about the usage of the alternative SSL certificate (“Using ‘/etc/pve/local/pveproxy-ssl.pem’ as certificate for the web interface.”):
Congratulations, you’ve successfully installed an SSL certificate on Proxmox Virtual Environment. When accessing the web interface via
journalctl -b -u pveproxy.service you should be presented with the new certificate. Note that the alternative certificate is only used by the web interface (including noVNC), but not by the Spice Console/Shell.
Test your SSL Installation
After you install an SSL Certificate on Proxmox, you should run a quick test and check your new SSL certificate for potential errors and vulnerabilities. We have an entire article on our blog, describing the best SSL tools to scan your SSL installation.
Proxmox history and versions
Proxmox Virtual Environment (PVE) is a free and open-source server virtualization environment built on Debian-based Linux distribution and Ubuntu LTS kernel. Proxnox was created by two Linux developers, Dietmar and Martin Maurer, with the first public release going live in April 2008.
At that time, Proxmox was one of the few platforms offering out-of-the-box support for container and full virtualization in Web GUI identical to commercial counterparts.
Proxmox comes with a wide range of features such as live migration, bridged networking, OS template building, flexible storage, scheduled backup, and command-line tools.
Listed below are the latest Proxmox releases:
- Proxmox VE 5.3
- Proxmox VE 5.2
- Proxmox VE 5.1
- Proxmox VE 5.0
Where to buy the best SSL Certificate for Proxmox?
When buying an SSL Certificate, you should factor in the validation type, price, and customer service. At SSL Dragon, we offer the widest range of SSL certificates, the best prices, and, of course, dedicated customer support! Our SSL certificates are issued by trusted Certificate Authorities and are compatible with Proxmox Virtual Environment. Whether you need an affordable Domain Validation certificate or a premium Extended Validation product we’ve got you covered. Here’s our full list of SSL certificate types:
- Domain Validation
- Business Validation
- Extended Validation
- Code Signing
- IP Address
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.