This tutorial will show you how to install an SSL Certificate on Proxmox Virtual Environment. You will also discover the best place to shop for affordable SSL Certificates.
If you’ve already generated the CSR Code and received the necessary SSL files, you can proceed straight to the installation instructions. Use the links below to jump between sections.
Table of Contents
- Generate a CSR code on Proxmox
- Install an SSL certificate on Proxmox
- Test your SSL installation
- Where to buy the best SSL Certificate for Proxmox?
Generate a CSR code on Proxmox
To get an SSL Certificate from a trusted Certificate Authority (CA), every SSL applicant must generate a CSR code and send it to the certificate provider. CSR stands for Certificate Signing Request, a block of encrypted code with contact data such as domain and company identity.
You have two options:
- Generate the CSR automatically using our CSR Generator.
- Follow our step-by-step tutorial on how to create the CSR on Proxmox
Install an SSL Certificate on Proxmox
After your CA signs your SSL certificate and sends the SSL files to your inbox, you can begin the installation.
Note: The following instructions apply to Proxmox Virtual Environment version 4.1.20 or higher. Check your version of the PVE-manager and upgrade if necessary.
Step 1: Prepare the installation files
Download the ZIP folder that you received from your CA and extract the files on your device. To activate your SSL Certificate on Proxmox, you will need the following two files:
- fullchain.pem (your primary and all intermediate certificates, excluding the root certificate, merged into a single PEM format file)
- private-key.pem (your private key with PEM extension without a password)
Depending on your CA, you may receive your root and intermediate certificates in separate files, or in a single .ca-bundle file. For Proxmox, you’ll have to combine your primary and intermediate certs into a single PEM file. Use any text editor to copy-paste the contents of each certificate.
Step 2: Copy the SSL files to Proxmox
Once your two SSL files are ready, move them to the override locations in /etc/pve/nodes/<node>. Ensure that you’re using the correct SSL files and nodes.
cp fullchain.pem /etc/pve/nodes/<node>/pveproxy-ssl.pem
cp private-key.pem /etc/pve/nodes/<node>/pveproxy-ssl.key
Next, restart the web interface using the following command:
systemctl restart pveproxy
The system log should inform you about the usage of the alternative SSL certificate (Using ‘/etc/pve/local/pveproxy-ssl.pem’ as certificate for the web interface.).
Congratulations, you’ve successfully installed an SSL certificate on Proxmox Virtual Environment.
When accessing the web interface via journalctl -b -u pveproxy.service you should be presented with the new certificate. Note that the alternative certificate is only used by the web interface (including noVNC), but not by the Spice Console/Shell.
Test your SSL Installation
After you install an SSL Certificate on Proxmox, you should run a quick test and check your new SSL certificate for potential errors and vulnerabilities. We have an entire article on our blog, describing the best SSL tools to scan your SSL installation.
Where to buy the best SSL Certificate for Proxmox?
When buying an SSL Certificate, you should factor in the validation type, price, and customer service. At SSL Dragon, we offer the widest range of SSL certificates, the best prices, and, of course, dedicated customer support! Our SSL certificates are issued by trusted Certificate Authorities and are compatible with Proxmox Virtual Environment. Whether you need an affordable Domain Validation certificate or a premium Extended Validation product we’ve got you covered.
If you don’t know what type of SSL certificate to choose, our SSL Wizard and Certificate Filter tools will recommend the ideal SSL product for your website.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.