@SnailShea
Created April 9, 2023 00:37
Script to use certificates from a FreeIPA CA in the Proxmox web interface
#!/bin/bash
# Adapted from https://gist.github.com/rechner/a176be6ec88432e7d8c5ee2f7ab37ccd
# This script assumes the local machine has already been joined to your FreeIPA domain with ipa-client-install
# DOMAIN should be set to your FreeIPA-controlled domain, not the FQDN of the FreeIPA server
# NODE should be the short hostname of your Proxmox node, not a FQDN
DOMAIN=domain.tld
NODE=pve1
KEY=/etc/pve/nodes/$NODE/pve-ssl.key
PEM=/etc/pve/nodes/$NODE/pve-ssl.pem
# Get Kerberos Ticket
kinit admin
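# Back up old certificates (moving them aside makes certmonger generate a fresh key pair)
mv -v "$KEY" "$KEY.old"; mv -v "$PEM" "$PEM.old"
# Request certificate from FreeIPA CA
# -w waits until the certificate has been issued and saved (or the request has failed),
# so the key and certificate files exist before the ownership step below runs
ipa-getcert request -w -K "HTTP/$NODE.$DOMAIN" -N "CN=$NODE.$DOMAIN" -k "$KEY" -f "$PEM" -I pveproxy
# List FreeIPA certificates tracked on this system
ipa-getcert list
# Set file ownership/permissions
chown -v root:www-data "$KEY" "$PEM"; chmod -v 640 "$KEY" "$PEM"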
# Restart pveproxy to use new certificates
systemctl restart pveproxy
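
A post-install check for the certificate the script above requests, added here as an example and not part of the original gist: it confirms that the key and certificate are a pair, that the certificate chains to the IPA CA, that it covers the node's FQDN, and that it is not about to expire. The function name `verify_pve_cert` and its argument order are assumptions; `/etc/ipa/ca.crt` is where an enrolled FreeIPA client normally keeps the CA certificate.

```shell
# Added example (not from the gist): post-install check for the pveproxy certificate.
# Usage: verify_pve_cert KEY PEM CA_FILE FQDN   (name and argument order are assumptions)
verify_pve_cert() {
    local key="$1" pem="$2" ca="$3" fqdn="$4" rc=0 key_pub cert_pub

    # 1. Key and certificate must be a pair: compare their public keys.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cert_pub=""
    if [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]; then
        echo "OK   private key matches certificate"
    else
        echo "FAIL private key does not match certificate"; rc=1
    fi

    # 2. The certificate must chain to the CA that clients trust.
    if openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1; then
        echo "OK   certificate chains to $ca"
    else
        echo "FAIL certificate does not chain to $ca"; rc=1
    fi

    # 3. The certificate must be valid for the name browsers will connect to.
    #    openssl prints "does match" or "does NOT match"; grep decides the result.
    if openssl x509 -in "$pem" -noout -checkhost "$fqdn" 2>/dev/null \
            | grep -q 'does match'; then
        echo "OK   certificate is valid for $fqdn"
    else
        echo "FAIL certificate is not valid for $fqdn"; rc=1
    fi

    # 4. Flag a certificate that expires within 7 days (renewal is not keeping up).
    if openssl x509 -in "$pem" -noout -checkend 604800 >/dev/null 2>&1; then
        echo "OK   certificate is valid for at least 7 more days"
    else
        echo "FAIL certificate expires within 7 days or could not be read"; rc=1
    fi

    return "$rc"
}

# Run directly with four arguments, e.g. with the values used in the script above:
#   KEY=/etc/pve/nodes/pve1/pve-ssl.key PEM=/etc/pve/nodes/pve1/pve-ssl.pem
#   verify_pve_cert "$KEY" "$PEM" /etc/ipa/ca.crt pve1.domain.tld
if [ "$#" -eq 4 ]; then verify_pve_cert "$@"; fi
```

A non-zero exit status means at least one check failed; `ipa-getcert list` shows the state of the tracked request if the files are missing or stale.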