
I have a problem with HAProxy 1.5.2 on CentOS 7. I have created a PEM file containing the private key and the self-signed certificate, but when configuring it, HAProxy is not able to start.

When I have the certificates in this order:

-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

I receive the following error message:

Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: [ALERT] 050/142729 (2218) : Proxy 'test': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:64] (use 'crt').
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: [ALERT] 050/142729 (2218) : Fatal errors found in configuration.
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: haproxy-systemd-wrapper: exit, haproxy RC=256
Feb 20 14:30:11 test.net systemd[1]: Starting HAProxy Load Balancer...
Feb 20 14:30:11 test.net systemd[1]: Started HAProxy Load Balancer.
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: [ALERT] 050/143011 (2254) : OpenSSL random data generator initialization failed.

If I have it in this order:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY-----

I get the following error:

Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: [ALERT] 050/143011 (2254) : Fatal errors found in configuration.
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: haproxy-systemd-wrapper: exit, haproxy RC=256
Feb 20 14:36:45 test.net systemd[1]: Starting HAProxy Load Balancer...
Feb 20 14:36:45 test.net systemd[1]: Started HAProxy Load Balancer.
Feb 20 14:36:45 test.net haproxy-systemd-wrapper[2292]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 20 14:36:45 test.net haproxy-systemd-wrapper[2292]: [ALERT] 050/143645 (2293) : parsing [/etc/haproxy/haproxy.cfg:64] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/certs/haproxy.pem'.

My frontend configuration looks like this:

frontend test
        bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
        mode http
        default_backend testnodes

What am I doing wrong?

Muffe
  • SO is for programming questions, not server configuration problems. Try serverfault.com. – Barmar Feb 20 '15 at 14:44
  • Check [this](https://stackoverflow.com/questions/27947982/haproxy-unable-to-load-ssl-private-key-from-pem-file) thread. Possible duplicate. – yuriploc Nov 29 '17 at 13:58
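
A structural check for a combined key-plus-certificate PEM file like the one in the question, added here as an example (not part of the original post or of HAProxy). The function name and sample contents are assumptions: the boundary lines reuse those transcribed in the question, and the base64 bodies are constructed placeholders.

```python
import base64
import binascii
import re

# Strict boundary: exactly five hyphens on each side (RFC 7468 framing).
STRICT = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
LOOSE = re.compile(r"^\s*-+\s*(BEGIN|END)\b")  # near-miss boundary lines

def check_pem_bundle(text):
    """Return (labels of complete blocks, list of problems) for a PEM bundle."""
    labels, problems, open_label, body = [], [], None, []
    for n, line in enumerate(text.splitlines(), 1):
        m = STRICT.match(line)
        if m and m.group(1) == "BEGIN":
            if open_label:
                problems.append(f"line {n}: BEGIN inside unclosed {open_label} block")
            open_label, body = m.group(2), []
        elif m:  # END line
            if m.group(2) != open_label:
                problems.append(f"line {n}: END {m.group(2)} has no matching BEGIN")
            else:
                try:  # legacy encrypted keys with header lines would fail here
                    if base64.b64decode("".join(body), validate=True):
                        labels.append(open_label)
                    else:
                        problems.append(f"line {n}: {open_label} block is empty")
                except binascii.Error:
                    problems.append(f"line {n}: {open_label} body is not valid base64")
            open_label = None
        elif LOOSE.match(line):
            problems.append(f"line {n}: malformed boundary {line!r}")
        elif open_label:
            body.append(line.strip())
    if open_label:
        problems.append(f"unclosed {open_label} block at end of file")
    if "CERTIFICATE" not in labels:
        problems.append("no complete CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no complete PRIVATE KEY block")
    return labels, problems

# Constructed samples: placeholder body, not real key material.
BODY = base64.b64encode(b"constructed placeholder").decode()
def sample(begin_key):
    return "\n".join([begin_key, BODY, "-----END PRIVATE KEY-----",
                      "-----BEGIN CERTIFICATE-----", BODY, "-----END CERTIFICATE-----"])
AS_POSTED = sample("-----BEGIN PRIVATE KEY----")  # boundary as transcribed in the question
WELL_FORMED = sample("-----BEGIN PRIVATE KEY-----")
for name, text in (("as posted", AS_POSTED), ("well formed", WELL_FORMED)):
    print(name, check_pem_bundle(text))
```

The check is stricter than some PEM parsers (it also flags trailing whitespace on a boundary line), and it only inspects framing; it does not confirm that the key matches the certificate.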
