It's all about the answers!

Ask a question

Installing a certificate on HA proxy fails with cat: ssl/proxy.crt: No such file or directory


Krzysztof Kaźmierczyk (7.4k475103) | asked Oct 24 '17, 3:23 a.m.
edited Oct 24 '17, 3:26 a.m.

Hi all,
I am trying to setup CLM cluster. At the stage of installing the certificate for haproxy I am getting the following error:

[root@mwcsrhel7 ~]# cd /etc/haproxy/
[root@mwcsrhel7 haproxy]#  openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
Enter pass phrase for ssl/proxy.key:
unable to load Private Key
140057214654368:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
140057214654368:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483:
[root@mwcsrhel7 haproxy]#  openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
Enter pass phrase for ssl/proxy.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


Country Name (2 letter code) [XX]:PL State or Province Name (full name) []:IBM Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:IBM Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:Rat1onal An optional company name []: [root@mwcsrhel7 haproxy]#  cat ssl/proxy.crt ssl/proxy.csr > ssl/proxy.pem cat: ssl/proxy.crt: No such file or directory [root@mwcsrhel7 haproxy]# ls ssl proxy.csr  proxy.key  proxy.pem


What did I do wrong?

Accepted answer


permanent link
Dinesh Kumar B (4.1k413) | answered Oct 24 '17, 3:32 a.m.
JAZZ DEVELOPER

you may have missed running the following command for generating the .crt :

openssl x509 -req -days NNN -in proxy.csr -signkey proxy.key -out proxy.crt



Krzysztof Kaźmierczyk selected this answer as the correct answer

Comments
Krzysztof Kaźmierczyk commented Oct 24 '17, 5:47 a.m. | edited Oct 24 '17, 5:48 a.m.

Thanks Dinesh, It worked!

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.