It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×42,834
×4,304
×2,346
×12
×1

question asked: Oct 24 '17, 3:23 a.m.
question was seen: 2,177 times
last updated: Oct 24 '17, 5:48 a.m.

Related questions

Installing a certificate on HA proxy fails with cat: ssl/proxy.crt: No such file or directory

0
Krzysztof Kaźmierczyk (7.5k480103) | asked Oct 24 '17, 3:23 a.m.
edited Oct 24 '17, 3:26 a.m.

Hi all,
I am trying to setup CLM cluster. At the stage of installing the certificate for haproxy I am getting the following error: 

[root@mwcsrhel7 ~]# cd /etc/haproxy/
[root@mwcsrhel7 haproxy]#  openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
Enter pass phrase for ssl/proxy.key:
unable to load Private Key
140057214654368:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
140057214654368:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483:
[root@mwcsrhel7 haproxy]#  openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
Enter pass phrase for ssl/proxy.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.




Country Name (2 letter code) [XX]:PL
State or Province Name (full name) []:IBM
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:IBM
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Rat1onal
An optional company name []:
[root@mwcsrhel7 haproxy]#  cat ssl/proxy.crt ssl/proxy.csr > ssl/proxy.pem
cat: ssl/proxy.crt: No such file or directory
[root@mwcsrhel7 haproxy]# ls ssl
proxy.csr  proxy.key  proxy.pem

What did I do wrong?

Accepted answer

1
permanent link
Dinesh Kumar B (4.1k413) | answered Oct 24 '17, 3:32 a.m.
JAZZ DEVELOPER

you may have missed running the following command for generating the .crt :

openssl x509 -req -days NNN -in proxy.csr -signkey proxy.key -out proxy.crt



Krzysztof Kaźmierczyk selected this answer as the correct answer
Comments
Krzysztof Kaźmierczyk commented Oct 24 '17, 5:47 a.m. | edited Oct 24 '17, 5:48 a.m.

Thanks Dinesh, It worked!

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.