ha_proxy issue, how to add cert into ssl_pem:


liuxiaoxi2237
 

Hi Expert,
What is the right format to add cert/private key into ssl_pem?

My environment:
BOSH 1.3016.0
CF-release:213
Stemcell: 3012
vSphere 5.5 u2
Ubuntu 14.04 bosh cli, VI to edit file.

HA proxy part configuration in cf-deployment.yml
A. When ssl_pem is set as below:
properties:
ha_proxy:
disable_http: false
ssl_ciphers: null
ssl_pem: |+
-----BEGIN CERTIFICATE-----
MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC
……………………
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu
………………………………………….
-----END RSA PRIVATE KEY-----
metron_agent:

Then run #bosh deployment cf-deployment.yml
ERROR: “Incorrect YAML structure in `/home/david/cf-release/cf-deployment.yml': (<unknown>): found a tab character that violate intendation while scanning a plain scalar at line 66 column 16”

B. When ssl_pem is set as below:
properties:
ha_proxy:
disable_http: false
ssl_ciphers: null
ssl_pem: "-----BEGIN CERTIFICATE-----
MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC
…………………………………………………….
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu
……………………………
-----END RSA PRIVATE KEY-----"

Then run #bosh deployment cf-deployment.yml; it works OK.
Then run #bosh deploy
ERROR “ha_proxy is not running after updating”.

After SSHing to the ha_proxy VM, I found that “cert.pem” in /var/vcap/jobs/haproxy/config is in the wrong format:
----BEGIN CERTIFICATE-----MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC
……………………………………………………. -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu
…………………………… -----END RSA PRIVATE KEY-----

After manually changing cert.pem to the format below and restarting haproxy, it works fine.
----BEGIN CERTIFICATE-----
MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC
…………………………………………………….
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu
……………………………
-----END RSA PRIVATE KEY-----

So, what is the right format to add cert/private key into ssl_pem?
Thanks
David
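
The symptoms in the message above match two YAML rules: tab characters are not valid indentation, and a multi-line double-quoted scalar folds each line break into a single space, while a literal block scalar (`|`) indented with spaces keeps them. The Ruby sketch below is an added example, not part of the original post or of cf-release; the PEM lines are constructed placeholders and the helper names are hypothetical.

```ruby
require 'yaml'

# Constructed placeholder PEM lines; not real certificate or key material.
PEM_LINES = [
  '-----BEGIN CERTIFICATE-----', 'PLACEHOLDERCERTBODY',
  '-----END CERTIFICATE-----',
  '-----BEGIN RSA PRIVATE KEY-----', 'PLACEHOLDERKEYBODY',
  '-----END RSA PRIVATE KEY-----'
].freeze

# Build a manifest fragment with ssl_pem written in one of three styles.
def manifest(style)
  head = "properties:\n  ha_proxy:\n    disable_http: false\n    ssl_pem: "
  case style
  when :block_spaces  # literal block scalar, body indented with spaces
    head + "|\n" + PEM_LINES.map { |l| "      #{l}\n" }.join
  when :block_tabs    # same scalar, body indented with tab characters
    head + "|\n" + PEM_LINES.map { |l| "\t\t#{l}\n" }.join
  when :double_quoted # multi-line double-quoted scalar, as in variant B
    head + '"' + PEM_LINES.join("\n      ") + "\"\n"
  end
end

# Parse the fragment and return the ssl_pem string the job would receive.
def ssl_pem(style)
  YAML.safe_load(manifest(style)).dig('properties', 'ha_proxy', 'ssl_pem')
end

# True when the YAML parser rejects the fragment outright.
def parse_error?(style)
  ssl_pem(style)
  false
rescue Psych::SyntaxError
  true
end

# A usable PEM bundle has every BEGIN/END marker alone on its own line.
def pem_markers_on_own_lines?(text)
  marker = /\A-----(BEGIN|END) [A-Z0-9 ]+-----\z/
  lines = text.lines.map(&:chomp)
  lines.count { |l| l.match?(marker) } >= 2 &&
    lines.none? { |l| l.include?('-----') && !l.match?(marker) }
end

if __FILE__ == $PROGRAM_NAME
  puts "tab-indented block rejected: #{parse_error?(:block_tabs)}"
  %i[block_spaces double_quoted].each do |style|
    pem = ssl_pem(style)
    puts "#{style}: #{pem.lines.size} line(s), usable=#{pem_markers_on_own_lines?(pem)}"
  end
end
```

Running the marker check against the parsed ssl_pem value before `bosh deploy` catches a folded bundle before it reaches the haproxy job.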
