Comodo通配符ssl证书和Haproxy

Question

I've purchased Comodo Wildard SSL certificate and trying to make it work with Haproxy

I've got those files from comodo:

Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your COMODO SSL Wildcard Certificate - STAR_mydomain_com.crt

Haproxy seems need to have PEM certificate, I've found an article how to make PEM certificate - https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1081/0/creating-a-pem-file-for-ssl-certificate-installation

Doing that by running

cat STAR_mydomain_com.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt STAR_mydomain_com.crt > certificates.pem

or

cat STAR_mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt STAR_mydomain_com.crt > certificates.pem

But when I try to use restult file with haproxy:

bind 0.0.0.0:443 ssl crt /etc/ssl/certs/certificates.pem

I see the error:

[ALERT] 073/104341 (13) : Proxy 'www-https': no SSL certificate specified for bind '0.0.0.0:443' at [/etc/haproxy/haproxy.cfg:37] (use 'crt').
[ALERT] 073/104341 (13) : Fatal errors found in configuration.
   ...fail!

It's working with self signed certificate but not with Comodo's one

I've tried to google situation but cannot find clearly what's wrong.

Can someone advise how can I make purchased certificate work with haproxy

Thanks!

Answer 1

Concatenate STAR_mydomain_com.csr & STAR_mydomain_com.key to STAR_mydomain_com.pem , this is how HAproxy understands certificate.

Add below backend to haproxy.cfg
frontend https-port443 bind *:443 ssl crt /path/to/STAR_mydomain_com.pem mode http

Concatenate the following into a single PEM file ordered by:

1. Private Key
2. Your domain's cert
3. Intermediate certs
4. Root cert