ssl - haproxy: inconsistencies between private key and certificate loaded from PEM file -


I am trying to use a signed certificate for my server. I have both the private key and the certificate.

My PEM file is in this order:

    subject=/C=***/L=*****/O=**********/CN=*********
    issuer=/C=***/O=*****inc/CN=********secure server ca
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    subject=/C=us/O=******** inc/CN=********* sha2 secure server ca
    issuer=/C=us/O=********* inc/OU=*********/CN=******** global root ca
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    subject=/C=us/O=********* inc/OU=***********/CN=*********** global root ca
    issuer=/C=us/O=********* inc/OU=************/CN=******** global root ca
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

When I tried to deploy it to HAProxy, I got an error.

    [ALERT] 188/141626 (2322) : parsing [/etc/haproxy/haproxy.cfg:32] : 'bind *:443' : inconsistencies between private key and certificate loaded from PEM file ................
    [ALERT] 188/141626 (2322) : error(s) found in configuration file : /etc/haproxy/haproxy.cfg
    [ALERT] 188/141626 (2322) : proxy 'www-https': no ssl certificate specified bind '*:443' @ [/etc/haproxy/haproxy.cfg:32] (use 'crt').
    [ALERT] 188/141626 (2322) : fatal errors found in configuration.
    errors in configuration file, check haproxy check.

And the HAProxy version is:

    HA-Proxy version 1.5.2 2014/07/12
    Copyright 2000-2014 Willy Tarreau <w@1wt.eu>

I can start HAProxy with a self-signed cert. Why does the inconsistency occur? I am sure the private key belongs to the certificate.

I've been trying for hours and cannot find the reason.

Please help! Thank you!

The order of the certificates in the file is wrong. It seems you are putting the intermediate certificate (i.e. the secure server CA) first, where the server certificate is expected. The order of the certificates needs to be:

  • server certificate
  • server private key (without password)
  • intermediate certificate 1
  • intermediate certificate 2

It's not important where you put the private key. However, the order of the certificates strictly needs to be from leaf to root, i.e. first the server certificate, then its intermediate, then its parent. Basically, put your server certificate first, then its signer, then its signer, ...

For more information, please refer to the documentation.
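
A pre-deployment check for the ordering described in the answer, added here as an example and not part of the original post. It assumes the `openssl` CLI is installed; the function name `check_pem_bundle` and its return codes are hypothetical conventions of this example.

```shell
#!/bin/sh
# check_pem_bundle FILE  (added example; names and return codes are illustrative)
# returns 0 = ok, 1 = key does not match the FIRST certificate,
#         2 = certificates not ordered leaf -> root, 3 = unreadable cert or key
check_pem_bundle() {
    bundle=$1
    tmp=$(mktemp -d) || return 3

    # Split every CERTIFICATE block into its own file, preserving file order.
    # Annotation lines such as "subject=..." between blocks are ignored.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    rc=0
    # Public key of the first certificate vs. the one derived from the private
    # key. The empty -passin makes a password-protected key fail, not prompt.
    cert_pub=$(openssl x509 -in "$tmp/cert001.pem" -noout -pubkey 2>/dev/null) || rc=3
    key_pub=$(openssl pkey -in "$bundle" -pubout -passin pass: 2>/dev/null) || rc=3
    if [ "$rc" -eq 0 ] && [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the first certificate in $bundle" >&2
        rc=1
    fi

    # Each certificate must be issued by the certificate that follows it.
    prev_issuer=""
    for c in "$tmp"/cert*.pem; do
        subj=$(openssl x509 -in "$c" -noout -subject_hash 2>/dev/null) || rc=3
        if [ "$rc" -eq 0 ] && [ -n "$prev_issuer" ] && [ "$subj" != "$prev_issuer" ]; then
            echo "chain order broken at $(basename "$c")" >&2
            rc=2
        fi
        prev_issuer=$(openssl x509 -in "$c" -noout -issuer_hash 2>/dev/null) || rc=3
    done

    rm -rf "$tmp"
    return "$rc"
}

# Stand-alone use: sh check.sh /path/to/bundle.pem
if [ $# -gt 0 ]; then check_pem_bundle "$1"; fi
```

The issuer/subject comparison checks names only, not signatures, so it catches ordering mistakes but is not a substitute for `openssl verify`.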

