Dear, Thanks a lot for your reply which I followed and produced the following:
[root@haproxy ~]# ll /etc/haproxy/certs/ total 88 -rw-r--r-- 1 root root 1960 Sep 3 00:46 ca2.crt -rw-r--r-- 1 root root 3243 Sep 3 00:46 ca2.key -rw-r--r-- 1 root root 1048 Sep 3 00:46 ca_crl.pem -rw-r--r-- 1 root root 2029 Sep 3 00:46 ca.crt -rw-r--r-- 1 root root 3243 Sep 3 00:46 ca.key -rw-r--r-- 1 root root 3989 Sep 3 00:46 ca.pem -rw-r--r-- 1 root root 1342 Sep 3 00:46 client1.crt -rw-r--r-- 1 root root 660 Sep 3 00:46 client1.csr -rw-r--r-- 1 root root 887 Sep 3 00:46 client1.key -rw-r--r-- 1 root root 1342 Sep 3 00:46 client2.crt -rw-r--r-- 1 root root 660 Sep 3 00:46 client2.csr -rw-r--r-- 1 root root 887 Sep 3 00:46 client2.key -rw-r--r-- 1 root root 1306 Sep 3 00:46 client_company.crt -rw-r--r-- 1 root root 660 Sep 3 00:46 client_company.csr -rw-r--r-- 1 root root 887 Sep 3 00:46 client_company.key -rw-r--r-- 1 root root 1342 Sep 3 00:46 client_expired.crt -rw-r--r-- 1 root root 660 Sep 3 00:46 client_expired.csr -rw-r--r-- 1 root root 887 Sep 3 00:46 client_expired.key -rw-r--r-- 1 root root 1342 Sep 3 00:46 server.crt -rw-r--r-- 1 root root 660 Sep 3 00:46 server.csr -rw-r--r-- 1 root root 891 Sep 3 00:46 server.key -rw-r--r-- 1 root root 2233 Sep 3 00:46 server.pem But when I restarted the haproxy , I got the following error: [root@haproxy haproxy]# service haproxy restart [ALERT] 245/025407 (2270) : parsing [/etc/haproxy/haproxy.cfg:71] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/certs/ca_crl.pem'. [ALERT] 245/025407 (2270) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 245/025407 (2270) : Proxy 'https_frontend': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:71] (use 'crt'). [ALERT] 245/025407 (2270) : Fatal errors found in configuration. Errors in configuration file, check with haproxy check. Thanks for your help my friend Rezhna -----Original Message----- From: Baptiste [mailto:[email protected]] Sent: Monday, September 2, 2013 10:41 PM To: Nick Jennings Cc: Rezhna Hoshyar; Lukas Tribus; [email protected] Subject: Re: https with haproxy Rezhna, You can start with a script I used when I wrote some blog articles about HAProxy and SSL: https://github.com/exceliance/haproxy/tree/master/blog/ssl_client_certificate_management_at_application_level You'll be able to generate selfsigned certificates. Good luck, Baptiste On Mon, Sep 2, 2013 at 2:59 PM, Nick Jennings <[email protected]> wrote: > http://www.startssl.com > > > > On Mon, Sep 2, 2013 at 2:51 PM, Rezhna Hoshyar > <[email protected]> > wrote: >> >> Dear, >> >> Could you please tell me how I can get free ssl certificate as I >> tried many ways mentioned on Internet , but none of them were useful >> >> Rezhna >> >> -----Original Message----- >> From: Baptiste [mailto:[email protected]] >> Sent: Sunday, September 1, 2013 9:44 PM >> To: Rezhna Hoshyar >> Cc: Lukas Tribus; [email protected] >> Subject: Re: https with haproxy >> >> Hi Rezhna, >> >> Use the "http-request redirect scheme" to do this, as example: >> http-request redirect scheme https if ! { ssl_fc } >> >> It will force HTTPs whatever the hostname is. >> As Lukas stated, you have to own the certificate and the frontend / >> backend must be in mode http. >> >> Baptiste >> >> >> >> On Sun, Sep 1, 2013 at 4:56 PM, Rezhna Hoshyar >> <[email protected]> >> wrote: >> > >> > Hi, >> > >> > Actually we want to apply it for our company web sites. >> > >> > Rezhna >> > >> > -----Original Message----- >> > From: Lukas Tribus [mailto:[email protected]] >> > Sent: Sunday, September 1, 2013 5:44 PM >> > To: Rezhna Hoshyar >> > Cc: [email protected] >> > Subject: RE: https with haproxy >> > >> > Hi, >> > >> >> My question is about how to use https with haproxy , not avoiding it. >> > >> > Compile haproxy 1.5 with SSL support and enable it. You can find >> > details in doc/ and some generic examples in examples/. >> > >> > >> > >> >> I can use haproxy to redirect http://google.com to >> >> http://yahoo.com, but I cannot do that with https://google.com. >> > >> > Well, do you have a certificate for google.com (or whatever website >> > you need to redirect)? You cannot do this without a valid >> > certificate, otherwise HTTPS would not make any sense. >> > >> > >> > >> > Regards, >> > >> > Lukas >> > >> > -- >> > This message has been scanned for viruses and dangerous content by >> > MailScanner, and is believed to be clean. >> > >> > >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
