You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

The certificates are located in:

/etc/haproxy/haproxy.pem
The correct permissions are 400. (read only for root) and can be set as follows:
chmod 400 haproxy.pem

The file contains Sections:


-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgISESGiWLxseXetsJGbfZKEfehiMA0GCSqGSIb3DQEBCwUA
MEwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYD
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAsDGatsqSubHWmDG2IOVbocgwJfX9dB3EtXFw6HN87zDvAvvE
9KUsDqMQiU2+aORZapzhl0oL1cfznPpQYyo4WGprQiNyL82TTxeWhCNRnBv4tnJw
...

-----END RSA PRIVATE KEY-----


The minimum is that the certificate for the load balancer and private key are included. The file is referenced in haproxy.cfg:

frontend acdportal_https
 mode http
 bind :443 ssl crt /etc/haproxy/haproxy.pem #verify optional


If an intermediate certificate must be inserted (example sales force if the certification chain is not known in SalesForce), this can be done as follows

  • Right mouse click on the certification in the browser:

  • Display details of the certificate:

  • view certificate

  • Display intermediate certificate:

  • Save as file:

  • In base 64 format:

#

  • Save to the local computer:

Then edit the file with a text editor, then copy the content of the intermediate certificate into the haproxy.pem file at the very bottom.

Then:

service haproxy reload

  • No labels