{"id":18,"date":"2022-05-01T01:53:01","date_gmt":"2022-05-01T01:53:01","guid":{"rendered":"https:\/\/nuclearwaffle.com\/?p=17"},"modified":"2022-05-01T01:53:01","modified_gmt":"2022-05-01T01:53:01","slug":"how-to-add-certs-to-proxmox-for-the-webgui","status":"publish","type":"post","link":"https:\/\/www.nuclearwaffle.com\/?p=18","title":{"rendered":"How to add certs to Proxmox for the WebGUI?"},"content":{"rendered":"\n

Okay, so you’ve set up OPNsense like I did, and the Automations don’t necessarily work yet, but you want to upload the certificates to your Proxmox instance so you can get that nice lock icon in the browser and stop getting nagged. So, where do they go?<\/p>\n\n\n\n

Remember, Proxmox is built on nodes, and each node has its own storage location in the overall “system” and therefore, you can get to the main proxmox webgui through any of them. And when you do, it’s going to pull the certs found here:<\/p>\n\n\n\n

\/etc\/pve\/nodes\/<nodename><\/code><\/p>\n\n\n\n

Those certs are going to look like this, if you get in through SSH:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In this case, pve-ssl.key and pve-ssl.pem are the “self-signed” certs you’re currently served when you get to the webgui, the ones your browser doesn’t like. So you’re going to manually copy in two more.<\/p>\n\n\n\n

Since you’ve already pulled your certs and you have the .key file (I assume you know how to download them from OPNsense’s “SYSTEM: TRUST: CERTIFICATES” menu?) and the crt file you get, you’ll use nano to open up two new files:<\/p>\n\n\n\n

pveproxy-ssl.pem<\/code><\/p>\n\n\n\n

In here goes the .crt file contents, copy-pasted with absolutely no changes.<\/p>\n\n\n\n

pveproxy-ssl.key<\/code><\/p>\n\n\n\n

In here goes the .key file contents, again without changes.<\/p>\n\n\n\n

Save and quit both and then check the filesystem with ls <\/code>again and it should look thusly:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Assuming that worked, issue a systemctl restart pveproxy<\/code> and it’ll restart the webgui. <\/p>\n\n\n\n

Finally, close any open proxmox gui instances you have, and reopen a new one. That magical lock icon should appear.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Now, fix your damn Automations.<\/p>\n","protected":false},"excerpt":{"rendered":"

Okay, so you’ve set up OPNsense like I did, and the Automations don’t necessarily work yet, but you want to upload the certificates to your Proxmox instance so you can get that nice lock icon in the browser and stop getting nagged. So, where do they go? Remember, Proxmox is built on nodes, and each…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-18","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts\/18","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=18"}],"version-history":[{"count":0,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts\/18\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=18"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}