Setup A Free Let's Encrypt Certificate On Proxmox

Certificates have always been hard to manage: for a start they require too much manual labor, but mostly it is because cryptography is hard to grasp.
Things have evolved, and in the age of automation certificate authorities have caught up. A lot of tools are now available to automate certificate acquisition and renewal.
Proxmox is an enterprise-grade, open source type two hypervisor. It comes with a nice dashboard that is secured by a self-signed certificate if you don't provide your own.
Before diving into configuring a certificate, we should ask ourselves: what are the risks of using a self-signed one?

Risks of self-signed certificates

Certificates guarantee the authenticity of a request and enable encrypted traffic between a client and a server.
Certificate authorities (CAs) are similar to the banking system. They ensure transactions are valid and provide evidence of that.
These CAs are known to all operating systems, browsers, and so on. For example, on Linux you find them in /etc/ssl/certs. A self-signed certificate is not issued by any of them, so the client has nothing to check it against and shows a warning instead.


So the attack vector here lies on the client side. When you log in to your website and ignore the warnings from your browser, you could be visiting a fake website and typing in your credentials.
These types of attacks are referred to as server impersonation attacks, and they use things like DNS cache poisoning.
So let's secure access to your Proxmox instance.

Let's Encrypt using acme.sh

I love Let's Encrypt primarily because they bridged the gap between security and developers. We never cared for using a certificate, either because it was too expensive or too hard to set up.

Proxmox's website provides a well-written tutorial that I used myself multiple times and ended up with that sweet green lock on my hypervisor.
If you want to harden your freshly installed Proxmox instance, there's a cool repo on GitHub with various scripts for all sorts of things.
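To confirm the new certificate without relying on the browser, the sketch below performs a verified TLS handshake against the dashboard using the system trust store and reports why verification fails if it does. It is an added example, not part of the Proxmox tutorial; the hostname pve.example.com is a placeholder and port 8006 (the Proxmox web interface default) is an assumption about your setup.

```python
import socket
import ssl
import sys

# OpenSSL X.509 verification codes and what they mean for the operator.
VERIFY_CODES = {
    9: "not-yet-valid",
    10: "expired",
    18: "self-signed",           # leaf certificate is its own issuer
    19: "self-signed-in-chain",  # chain ends in a root the client does not trust
    20: "unknown-issuer",        # issuer is missing from the local trust store
    62: "hostname-mismatch",     # certificate is valid but for another name
}


def classify(verify_code):
    """Map an OpenSSL verify code to a short status string."""
    return VERIFY_CODES.get(verify_code, f"untrusted (code {verify_code})")


def probe(host, port=8006, timeout=5.0):
    """Do a fully verified handshake and return (status, detail)."""
    ctx = ssl.create_default_context()  # system CA bundle, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code), exc.verify_message
    except OSError as exc:  # refused, timed out, or not speaking TLS
        return "unreachable", str(exc)
    # The issuer is a tuple of RDNs; take the first attribute of each.
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    detail = f"issuer={issuer.get('organizationName')} notAfter={cert['notAfter']}"
    return "trusted", detail


if __name__ == "__main__":
    # Placeholder hostname; pass your own as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "pve.example.com"
    status, detail = probe(host)
    print(f"{host}:8006 -> {status}: {detail}")
    sys.exit(0 if status == "trusted" else 1)
```

A fresh install should report self-signed or unknown-issuer; after the Let's Encrypt certificate is in place the same command should report trusted, and the non-zero exit code on anything else makes it usable from cron as a renewal check.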


Till next time, stay home.