Comodo SSL certificates in HAProxy on CentOS7

Tim asked:

I have a CentOS 7 server with HAProxy 1.6 as front and Apache 2.4 as back.

I am trying to load the SSL certificates in HAProxy, however it expects a .pem file.

I have got the following files from Comodo:

  • cabundle.crt
  • certificate.crt
  • certificate.key
  • certificate.p7b

And tried to merge the certificate.crt and certificate.key:

cat certificate.crt certificate.key > haproxy1.pem

This works so far, however I get a regular Chain Issues error.
Also tried to merge cabundle.crt, certificate.crt and certificate.key into one .pem file. But this gives me an SSL handshake failure in the HAProxy log.

How to get this working correctly?

File contents

cabundle.crt

-----BEGIN CERTIFICATE-----
hash
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
hash
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
hash
-----END CERTIFICATE-----

certificate.crt

-----BEGIN CERTIFICATE-----
hash
-----END CERTIFICATE-----

certificate.key

-----BEGIN PRIVATE KEY-----
hash
-----END PRIVATE KEY-----

haproxy.cfg

frontend public
    bind            *:80
    bind            *:443 ssl crt /etc/ssl/certs/private/

My answer:


The certificate chain should consist of your certificate followed by the intermediate certificates. It should not include the private key.

For example:

cat certificate.crt cabundle.crt > haproxy1.pem

View the full question and answer on Server Fault.
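
An added example, not part of the original question or answer: a check that the certificates in a combined .pem appear as the server certificate followed by the cabundle.crt certificates, run over the three merge orders mentioned above. The function names are hypothetical and the PEM blocks are constructed placeholders; it compares decoded block bytes against the source files and does not parse X.509 issuer or subject fields.

```python
import base64
import re

# RFC 7468 framing: matching BEGIN/END labels around base64 text.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, der_bytes), ...] in file order; raises on invalid base64."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def block_labels(text):
    """Block types in file order, e.g. ['CERTIFICATE', 'PRIVATE KEY']."""
    return [label for label, _ in pem_blocks(text)]

def certs_in(text):
    return [der for label, der in pem_blocks(text) if label == "CERTIFICATE"]

def check_chain_order(combined_pem, leaf_pem, cabundle_pem):
    """List differences between the certificates in combined_pem and the
    order 'server certificate, then cabundle certificates'."""
    certs, leaf, cas = certs_in(combined_pem), certs_in(leaf_pem), certs_in(cabundle_pem)
    if len(leaf) != 1:
        return ["leaf file must contain exactly one certificate"]
    if certs == leaf + cas:
        return []
    problems = []
    if not certs or certs[0] != leaf[0]:
        problems.append("server certificate is not the first certificate")
    missing = [i for i, der in enumerate(cas) if der not in certs]
    if missing:
        problems.append("cabundle certificates missing at index %s" % missing)
    if not problems:
        problems.append("certificates present but not in leaf + cabundle order")
    return problems

def fake_pem(label, payload):
    # Constructed placeholder block: payload is NOT a real certificate or key.
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

LEAF = fake_pem("CERTIFICATE", b"constructed-leaf")
CABUNDLE = "\n".join(fake_pem("CERTIFICATE", b"constructed-ca-%d" % i) for i in (1, 2))
KEY = fake_pem("PRIVATE KEY", b"constructed-key")

if __name__ == "__main__":
    for name, pem in [("crt+key", LEAF + KEY), ("bundle+crt+key", CABUNDLE + LEAF + KEY),
                      ("crt+bundle", LEAF + CABUNDLE)]:
        print(name, block_labels(pem), check_chain_order(pem, LEAF, CABUNDLE))
```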

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.