...
If your system previously had no certificate installed and was running via http, follow this routestart here. If you are exchanging your certificate before its expiry and your jtel ACD was running configured for https before, follow start here.
| Anchor | ||||
|---|---|---|---|---|
|
Change the haproxy configuration to https
For systems with one Load Balancer and HAProxy use this.
For redundant systems with two Load Balancers and HaProxys use this.
| Anchor | ||||
|---|---|---|---|---|
|
Create the haproxy.pem file
The certificate chain will be put together with a simple cat command in Linux.
| Code Block | ||
|---|---|---|
| ||
# Create a backup of the current haproxy.pem file if required cp /etc/haproxy/haproxy.pem /<backup-location>/haproxy.pem # Build the haproxy.pem Certificate file cat end_entity_cetificate.crt intermediate_certificate.crt root_certificate.crt private_key.key > haproxy.pem # copy the haproxy.pem file to the correct location on the Load Balancer cp <your-path-to-.pem>/haproxy.pem /etc/haproxy/haproxy.pem # change the file access rights |
...
cd /etc/haproxy/
chmod 400 haproxy.pem
# reload the haproxy
systemctl reload haproxy |
Tests
After finishing, test access with your new https URL.
Example URL Admin
https://acd.johntelephony.com/CarrierPortal/admin
Example URL Client
https://acd.johntelephony.com/CarrierPortal/login/<ResellerUID>/<ClientUID>
...
Useful openssl commands
openss can be used to for exapmle ensure that the end_entity_cetificate.crt and private_key.key match. It can also be used to ensure that the private key is not corrupted and to check the validiy of the certificate itself.
...