The certificates are located in:
|
The correct permissions are 400 (read-only for root) and can be set as follows:
|
The file contains the following sections:
certificate chain
private key
The end-entity certificate and the matching private key are mandatory in haproxy.pem.
Command to generate the haproxy.pem file:
If the output is "RSA key ok", the private key is correct.
Calculate the modulus of the private key:
Calculate the modulus of the server certificate:
If both outputs are identical, the private key matches the end-entity certificate.
|
|
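The checks described above (mode 400, "RSA key ok", identical moduli) combined into one script, as an added example that is not part of the original page. It assumes the openssl CLI and GNU stat; the function names, file names and example.test subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a combined haproxy.pem (mode, key check, modulus match).
umask 077

check_haproxy_pem() {
    pem=$1
    # 1. Permissions must be 400 (stat -c is GNU coreutils; an assumption).
    mode=$(stat -c '%a' "$pem") || return 2
    [ "$mode" = "400" ] || { echo "FAIL: mode $mode, expected 400"; return 1; }
    # 2. The RSA private key must be internally consistent ("RSA key ok").
    openssl rsa -in "$pem" -check -noout 2>&1 | grep -q 'RSA key ok' \
        || { echo "FAIL: private key check"; return 1; }
    # 3. Key modulus must equal the modulus of the FIRST certificate in the
    #    file, so the end-entity certificate has to precede any intermediates.
    key_mod=$(openssl rsa -in "$pem" -noout -modulus 2>/dev/null)
    crt_mod=$(openssl x509 -in "$pem" -noout -modulus 2>/dev/null)
    if [ -z "$key_mod" ] || [ "$key_mod" != "$crt_mod" ]; then
        echo "FAIL: private key does not match the end-entity certificate"
        return 1
    fi
    echo "OK: $pem"
}

# Constructed throwaway material: two self-signed pairs, one good and one
# deliberately mismatched bundle (names are hypothetical).
make_sample() {
    dir=$1
    for n in lb other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.crt" 2>/dev/null || return 2
    done
    cat "$dir/lb.crt" "$dir/lb.key"    > "$dir/good.pem"
    cat "$dir/lb.crt" "$dir/other.key" > "$dir/mismatch.pem"
    chmod 400 "$dir/good.pem" "$dir/mismatch.pem"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_haproxy_pem "$tmp/good.pem"
check_haproxy_pem "$tmp/mismatch.pem" || true
rm -rf "$tmp"
```

Running the check after every certificate renewal catches a bundle whose key and certificate come from different requests before HAProxy is reloaded with it.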
At a minimum, the certificate for the load balancer and its private key must be included. The file is referenced in haproxy.cfg:
|
If an intermediate certificate must be inserted (for example for Salesforce, if the certificate chain is not known to Salesforce), this can be done as follows:
#
Then edit the file with a text editor and copy the content of the intermediate certificate into the haproxy.pem file at the very bottom.
Then:
|
The following command can be used to convert a .pfx certificate file to .pem format (the password for the certificate will be required):
|