It's all about the answers!

Ask a question

Installing a certificate on HA proxy fails with cat: ssl/proxy.crt: No such file or directory


Krzysztof Kaźmierczyk (7.4k35499) | asked Oct 24 '17, 3:23 a.m.
edited Oct 24 '17, 3:26 a.m.

Hi all,
I am trying to setup CLM cluster. At the stage of installing the certificate for haproxy I am getting the following error:

[root@mwcsrhel7 ~]# cd /etc/haproxy/
[root@mwcsrhel7 haproxy]#  openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
Enter pass phrase for ssl/proxy.key:
unable to load Private Key
140057214654368:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
140057214654368:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483:
[root@mwcsrhel7 haproxy]#  openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
Enter pass phrase for ssl/proxy.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


Country Name (2 letter code) [XX]:PL State or Province Name (full name) []:IBM Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:IBM Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:Rat1onal An optional company name []: [root@mwcsrhel7 haproxy]#  cat ssl/proxy.crt ssl/proxy.csr > ssl/proxy.pem cat: ssl/proxy.crt: No such file or directory [root@mwcsrhel7 haproxy]# ls ssl proxy.csr  proxy.key  proxy.pem


What did I do wrong?

Accepted answer


permanent link
Dinesh Kumar B (4.1k413) | answered Oct 24 '17, 3:32 a.m.
JAZZ DEVELOPER

you may have missed running the following command for generating the .crt :

openssl x509 -req -days NNN -in proxy.csr -signkey proxy.key -out proxy.crt



Krzysztof Kaźmierczyk selected this answer as the correct answer

Comments
Krzysztof Kaźmierczyk commented Oct 24 '17, 5:47 a.m. | edited Oct 24 '17, 5:48 a.m.

Thanks Dinesh, It worked!

Your answer


Register or to post your answer.