1) Generate a unique private key (KEY)
$ sudo openssl genrsa -out mydomain.key 2048
Note: The content of this file starts with -----BEGIN RSA PRIVATE KEY-----
2) Generate a Certificate Signing Request (CSR)
$ sudo openssl req -new -key mydomain.key -out mydomain.csr
Note: The content of this file starts with -----BEGIN CERTIFICATE REQUEST-----
3) Create a Self-Signed Certificate (CRT)
$ sudo openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt
Note: The content of this file starts with -----BEGIN CERTIFICATE-----
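4) Append KEY and CRT to mydomain.pem
$ sudo bash -c 'cat mydomain.key mydomain.crt >> /etc/ssl/private/mydomain.pem'
Note: This PEM file contains 2 sections: the private key, which starts with -----BEGIN RSA PRIVATE KEY-----, and the certificate, which starts with -----BEGIN CERTIFICATE-----. Because >> appends, running the command a second time adds a second key and certificate to the same file. The file holds the private key, so it should not be readable by other users.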
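5) Specify the PEM in the haproxy config
$ sudo vim /etc/haproxy/haproxy.cfg
listen haproxy
    bind 0.0.0.0:443 ssl crt /etc/ssl/private/mydomain.pem
    mode http
    option http-server-close
    option forwardfor
    # Tell the backend that the client connection used HTTPS on port 443.
    # (reqadd was removed in HAProxy 2.1; newer versions use "http-request add-header".)
    reqadd X-Forwarded-Proto:\ https
    reqadd X-Forwarded-Port:\ 443
    option forwardfor if-none
    balance roundrobin
    option abortonclose
    # "ssl verify none": traffic to the backend is encrypted, but the backend's certificate is not validated.
    server 192.168.100.224 192.168.100.224:1443 check inter 10s rise 2 fall 3 ssl verify none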
6) Restart haproxy
$ sudo service haproxy restart
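A sanity check for the combined file from step 4, to run before the restart in step 6. This is an added example, not part of the original post; the function names are made up for illustration, and the header pattern also accepts the -----BEGIN PRIVATE KEY----- header that OpenSSL 3.x writes.

```sh
# Added example: checks for the combined key+certificate PEM from step 4.
# All function names are hypothetical; the file path is passed as $1.

# Print "<private-key blocks> <certificate blocks>" found in file $1.
pem_block_counts() {
    keys=$(grep -c -E '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    echo "${keys:-0} ${certs:-0}"
}

# Succeed only if the first private key and the first certificate in $1
# carry the same public key (needs the openssl CLI).
pem_key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeed only if group and others have no permission bits on $1.
pem_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; print each problem and return non-zero if any was found.
check_haproxy_pem() {
    rc=0
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    counts=$(pem_block_counts "$1")
    if [ "$counts" != "1 1" ]; then
        # Typical cause: the '>>' in step 4 was run again on an existing file.
        echo "expected 1 key and 1 certificate, found: $counts"
        rc=1
    fi
    pem_is_private "$1" || { echo "group/other can access the private key"; rc=1; }
    if command -v openssl >/dev/null 2>&1; then
        pem_key_matches_cert "$1" || { echo "key does not match certificate"; rc=1; }
    fi
    return $rc
}
```

Usage, after sourcing the functions in a root shell: check_haproxy_pem /etc/ssl/private/mydomain.pem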
Ref:
https://gist.github.com/sethwebster/b48d7c872fe397c1db11
https://help.ubuntu.com/lts/serverguide/certificates-and-security.html
Not working,
sudo service haproxy restart
Failed to restart haproxy.service: Unit haproxy.service not found.
How to auto renew the pem file after 365 days?