[英]Comodo wildcard ssl certificate and Haproxy
I've purchased Comodo Wildard SSL certificate and trying to make it work with Haproxy 我已经购买了Comodo Wildard SSL证书并尝试使其与Haproxy一起使用
I've got those files from comodo: 我从comodo那里得到了这些文件:
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your COMODO SSL Wildcard Certificate - STAR_mydomain_com.crt
Haproxy seems need to have PEM certificate, I've found an article how to make PEM certificate - https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1081/0/creating-a-pem-file-for-ssl-certificate-installation Haproxy似乎需要有PEM证书,我发现了一篇如何制作PEM证书的文章 - https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1081/0/creating-a -pem文件换SSL证书安装
Doing that by running 通过运行来做到这一点
cat STAR_mydomain_com.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt STAR_mydomain_com.crt > certificates.pem
or 要么
cat STAR_mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt STAR_mydomain_com.crt > certificates.pem
But when I try to use restult file with haproxy: 但是当我尝试使用haproxy的restult文件时:
bind 0.0.0.0:443 ssl crt /etc/ssl/certs/certificates.pem
I see the error: 我看到了错误:
[ALERT] 073/104341 (13) : Proxy 'www-https': no SSL certificate specified for bind '0.0.0.0:443' at [/etc/haproxy/haproxy.cfg:37] (use 'crt').
[ALERT] 073/104341 (13) : Fatal errors found in configuration.
...fail!
It's working with self signed certificate but not with Comodo's one 它使用自签名证书,但不使用Comodo的证书
I've tried to google situation but cannot find clearly what's wrong. 我试过谷歌的情况,但无法清楚地发现什么是错的。
Can someone advise how can I make purchased certificate work with haproxy 有人可以建议我如何使用haproxy购买证书
Thanks! 谢谢!
Concatenate STAR_mydomain_com.csr
& STAR_mydomain_com.key
to STAR_mydomain_com.pem
, this is how HAproxy understands certificate. 将
STAR_mydomain_com.csr
和STAR_mydomain_com.key
连接到STAR_mydomain_com.pem
,这就是HAproxy如何理解证书。
Add below backend to haproxy.cfg
将以下后端添加到
haproxy.cfg
frontend https-port443 bind *:443 ssl crt /path/to/STAR_mydomain_com.pem mode http
Concatenate the following into a single PEM file ordered by: 将以下内容连接到按以下顺序排序的单个PEM文件中:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.