Hello Anilton, In the "bind *:443" line, do not specify a PEM file directly, but only the directory where your PEM file(s) resides. Also, make sure that both the certificate and private key are contained within the same PEM file.
It should look like this: -----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- xxx -----END PRIVATE KEY----- BR., Emerson Em qua., 7 de jul. de 2021 às 14:47, Anilton Silva Fernandes < [email protected]> escreveu: > Hi there. > > > > Can I get some help from you. > > > > I’m configuring HAProxy as a frontend on HTTPS with centified and I want > clients to be redirect to BACKEND on HTTPS as well (443) but I want clients > to see only HAProxy certificate, as the backend one is not valid. > > > > Bellow the schematic of my design: > > > > > > > > So, on > > > > This is the configuration file I’m using: > > > > [image: frontend haproxy mode http bind *:80 bind *:443 ssl crt > /etc/ssl/cvt.cv/accounts_cvt.pem default_backend wso2 backend wso2 mode > http option forwardfor redirect scheme https if !{ ssl_fc } server my-api > 10.16.18.128:443 check ssl verify none http-request set-header > X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto > https if { ssl_fc }] > [image: frontend web_accounts mode tcp bind 192.168.1.214:443 > default_backend accounts_servers frontend web_apimanager mode tcp bind > 192.168.1.215:443 default_backend apimanager_servers backend > accounts_servers balance roundrobin server accounts1 10.16.18.128:443 check > server accounts2 10.16.18.128:443 check backend apimanager_servers balance > roundrobin server accounts1 10.16.18.128:443 check server accounts2 > 10.16.18.128:443 check] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The first one is what works but we got SSL problems due to invalid > certificates on Backend; > > > > The second one is what we would like, but does not work and says some > erros: > > [ALERT] 187/114337 (7823) : parsing [/etc/haproxy/haproxy.cfg:85] : 'bind > *:443' : unable to load SSL private key from PEM file '/etc/ssl/ > cvt.cv/accounts_cvt.pem'. > > [ALERT] 187/114337 (7823) : Error(s) found in configuration file : > /etc/haproxy/haproxy.cfg > > [ALERT] 187/114337 (7823) : Proxy 'haproxy': no SSL certificate specified > for bind '*:443' at [/etc/haproxy/haproxy.cfg:85] (use 'crt'). > > [ALERT] 187/114337 (7823) : Fatal errors found in configuration. > > Errors in configuration file, check with haproxy check. > > > > > > This is on CentOS 6 > > > > Thank you > > > > > > > > > > Melhores Cumprimentos > > > > *Anilton Fernandes | Plataformas, Sistemas e Infraestruturas* > > Cabo Verde Telecom, SA > > Group Cabo Verde Telecom > > Rua Cabo Verde Telecom, 1, Edificio CVT > > 198, Praia, Santiago, República de Cabo Verde > > Phone: +238 3503934 | Mobile: +238 9589123 | Email – > [email protected] > > > > [image: cid:[email protected]] > > > > >
