Created
July 28, 2020 23:49
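# Setting up Proxmox with a certificate from FreeIPA.
# This assumes you've already joined the machine with ipa-client-install.
# NOTE(review): presumably the HTTP/<fqdn> service principal must already
# exist in IPA for the request below to be accepted; confirm before running.

# Directory holding this node's pveproxy key and certificate. "proxmox" is the
# node name; the same path is hard-coded in the helper script written below,
# so change both together.
node_dir=/etc/pve/nodes/proxmox
hook=/usr/local/sbin/set-ssl-permissions
fqdn=$(hostname -f)

# Get a ticket as someone that can issue certificates
kinit admin

# Write the post-save helper. The heredoc delimiter is quoted so that nothing
# inside is expanded while the file is being written; with an unquoted
# delimiter the variable references would be replaced by the (empty) value
# from this shell and the helper would run chown/chmod without file arguments.
cat <<'EOF' > "$hook"
#!/bin/bash
# Restores ownership and mode on the pveproxy key and certificate, then
# restarts pveproxy so it picks up the new files.
# An array is used because brace expansion does not happen inside a plain
# variable assignment, so a single "{a,b}" string would be passed to
# chown/chmod as one literal (non-existent) path.
cert_dir=/etc/pve/nodes/proxmox
files=("$cert_dir/pve-ssl.key" "$cert_dir/pve-ssl.pem")
# root:www-data with mode 640 keeps the private key readable only by root and
# the www-data group.
chown root:www-data -- "${files[@]}"
chmod 640 -- "${files[@]}"
systemctl restart pveproxy
EOF

# The helper is passed to ipa-getcert as its post-save command (-C), so it must
# not be writable by anyone but root. Set owner and mode explicitly instead of
# relying on the umask that was active when the file was created.
chown root:root -- "$hook"
chmod 0755 -- "$hook"

# Keep the previous key and certificate as *.old. The old private key stays on
# disk; delete it once the new certificate is confirmed working.
mv -- "$node_dir/pve-ssl.key" "$node_dir/pve-ssl.key.old"
mv -- "$node_dir/pve-ssl.pem" "$node_dir/pve-ssl.pem.old"

# Request the certificate and have it tracked under the ID "pveproxy".
# If the issued certificate lacks the expected subject, the subject can be set
# explicitly by adding -N "CN=${fqdn}" (and a DNS subjectAltName with
# -D "${fqdn}") to this request.
ipa-getcert request \
  -K "HTTP/${fqdn}" \
  -k "$node_dir/pve-ssl.key" \
  -f "$node_dir/pve-ssl.pem" \
  -I pveproxy \
  -C "$hook"

ipa-getcert list
# Check that it's not "stuck" and there is no "ca-error" listed

systemctl restart pveproxy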
I found I needed to set the CN by adding -N $(hostname -f) to the ipa-getcert request.