On 04/23/2013 06:31 AM, Tim Verhoeven wrote:
Hi,
I'm trying to get haproxy 1.5 dev18 to load my production certificate
(it is working fine with a self-signed one). And I'm getting this
error:
[ALERT] 112/151354 (11224) : parsing [/etc/haproxy/haproxy.cfg:69] :
'bind <<ip>>:443' : unable to load SSL private key from PEM file
'/etc/pki/tls/certs/<<prodcrt>>.pem'.
[ALERT] 112/151354 (11224) : Error(s) found in configuration file :
/etc/haproxy/haproxy.cfg
[ALERT] 112/151354 (11224) : Proxy 'https-in': no SSL certificate
specified for bind '<<ip>>:443' at [/etc/haproxy/haproxy.cfg:69] (use
'crt').
[ALERT] 112/151354 (11224) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.
This cert is an EV multidomain one from Digicert and uses an
intermediate cert. I've made the pem file by concatenating all the keys
and certs like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----
The private key should go after your certificate, not before. The rest
of your order is OK. So:
cat mycrt.pem mykey.pem intermediate.pem root.pem > combined.pem
Ian
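
Added example, not part of either message above: a shell check that lists the PEM blocks of a combined file in order and reports whether the layout matches the order given in the reply (certificate first, private key second). The function names and the placeholder file contents are assumptions made for this illustration; the file names are the ones used in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the block order of a combined PEM.

# Print the label of every "-----BEGIN <label>-----" line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed only if each BEGIN is closed by an END carrying the same label.
pem_balanced() {
    awk '
        /^-----(BEGIN|END) .*-----[ \t\r]*$/ {
            kind = ($0 ~ /^-----BEGIN /) ? "B" : "E"
            l = $0; sub(/^-----(BEGIN|END) /, "", l); sub(/-----[ \t\r]*$/, "", l)
            if (kind == "B") { if (cur != "") bad = 1; cur = l }
            else             { if (l != cur)  bad = 1; cur = "" }
        }
        END { exit ((bad || cur != "") ? 1 : 0) }
    ' "$1"
}

# Exit 0: certificate first, private key second (the order given in the reply).
# Exit 1: any other order. Exit 2: unbalanced BEGIN/END markers.
pem_order_ok() {
    pem_balanced "$1" || return 2
    first=$(pem_labels "$1" | sed -n 1p)
    second=$(pem_labels "$1" | sed -n 2p)
    [ "$first" = "CERTIFICATE" ] || return 1
    case $second in *"PRIVATE KEY") return 0 ;; *) return 1 ;; esac
}

# Constructed sample files: the bodies are placeholders, not real key material.
tmp=$(mktemp -d)
mkpem() {
    printf '%s\n' "-----BEGIN $2-----" "PLACEHOLDER" "-----END $2-----" > "$tmp/$1"
}
mkpem mycrt.pem "CERTIFICATE"
mkpem mykey.pem "RSA PRIVATE KEY"
mkpem intermediate.pem "CERTIFICATE"
mkpem root.pem "CERTIFICATE"

# The order from the reply, and the key-first order from the original message.
( cd "$tmp" && cat mycrt.pem mykey.pem intermediate.pem root.pem > combined.pem )
( cd "$tmp" && cat mykey.pem mycrt.pem intermediate.pem root.pem > keyfirst.pem )

pem_labels "$tmp/combined.pem"
```

The check reads only the BEGIN/END marker lines, so it can be run against a production bundle without printing any key material.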