Custom Search

Tuesday, November 8, 2016

How to create a PEM file for HAProxy Configure SSL Certificate

1)
Generate a unique private key (KEY)
$sudo openssl genrsa -out mydomain.key 2048

Note:
Content in this file start with -----BEGIN RSA PRIVATE KEY-----

2)
Generating a Certificate Signing Request (CSR)
$sudo openssl req -new -key mydomain.key -out mydomain.csr

Note:
Content in this file start with -----BEGIN CERTIFICATE REQUEST-----



3)
Creating a Self-Signed Certificate (CRT)
$openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt

Note:
Content in this file start with -----BEGIN CERTIFICATE-----

4)
Append KEY and CRT to mydomain.pem
$sudo bash -c 'cat mydomain.key mydomain.crt >> /etc/ssl/private/mydomain.pem'

Note:
This pem file contains 2 sections (certificates), one start with -----BEGIN RSA PRIVATE KEY----- and  another one start with -----BEGIN CERTIFICATE-----

5)
Specify PEM in haproxy config
$ sudo vim /etc/haproxy/haproxy.cfg
listen haproxy
  bind 0.0.0.0:443 ssl crt /etc/ssl/private/mydomain.pem
  mode  http
  option http-server-close
  option forwardfor
  reqadd X-Forwarded-Proto:\ https
  reqadd X-Forwarded-Port:\ 443
  option forwardfor if-none
  balance  roundrobin
  option  abortonclose
  server 192.168.100.224 192.168.100.224:1443 check inter 10s rise 2 fall 3 ssl verify none

6)
Restart haproxy
$ sudo service haproxy restart

Ref:
https://gist.github.com/sethwebster/b48d7c872fe397c1db11
https://help.ubuntu.com/lts/serverguide/certificates-and-security.html






1 comment:

  1. BlueHost is ultimately one of the best website hosting provider with plans for all of your hosting needs.

    ReplyDelete