Re: ha_proxy issue, how to add cert into ssl_pem:

Home Messages Hashtags Subgroups

#577

Re: ha_proxy issue, how to add cert into ssl_pem:

CF Runtime #577 The first format is normally easier to read. To be valid YAML, ensure there are only spaces for indentation, and not tab characters. The second format will also work, but you need to make double line breaks between each line: properties: ha_proxy: ssl_pem: "-----BEGIN CERTIFICATE----- MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC ……………………………………………………. -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu …………………………… -----END RSA PRIVATE KEY-----" Joseph OSS Release Integration Team toggle quoted messageShow quoted text On Fri, Jul 24, 2015 at 8:42 AM, Liu, David <David.G.Liu(a)emc.com> wrote: Hi Expert, What is the right format to add cert/private key into ssl_pem? My environment: BOSH 1.3016.0 CF-release：213 Stemcell: 3012 vSphere 5.5 u2 Ubuntu 14.04 bosh cli, VI to edit file. HA proxy part configuration in cf-deployment.yml A, When set ssl_pem as below properties: ha_proxy: disable_http: false ssl_ciphers: null ssl_pem: \|+ -----BEGIN CERTIFICATE----- MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC …………………… -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu …………………………………………. -----END RSA PRIVATE KEY----- metron_agent: then RUN #bosh deployment cf-deployment.yml ERROR: “Incorrect YAML structure in `/home/david/cf-release/cf-deployment.yml': (<unknown>): found a tab character that violate intendation while scanning a plain scalar at line 66 column 16” B, when set ssl_pem as blow: properties: ha_proxy: disable_http: false ssl_ciphers: null ssl_pem: "-----BEGIN CERTIFICATE----- MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC ……………………………………………………. -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu …………………………… -----END RSA PRIVATE KEY-----" then RUN #bosh deployment cf-deployment.yml , it work ok. Then run #bosh deploy ERROR “ha_proxy is not running after updating”. SSH to ha_proxy VM, find that “cert.pem” in /var/vcap/jobs/haproxy/config is in wrong format ----BEGIN CERTIFICATE-----MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC ……………………………………………………. -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu …………………………… -----END RSA PRIVATE KEY----- Manual change cert.pem to below format, restart haproxy, it work fine. ----BEGIN CERTIFICATE----- MIIChTCCAe4CCQDPm3qYbkHm+DANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC ……………………………………………………. -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCgy5XTU8Rct9+lZZswLlgm0SrnU8fiOmsV0H4BxmC2OX4GBeIu …………………………… -----END RSA PRIVATE KEY----- So, what is the right format to add cert/private key into ssl_pem? Thanks David _______________________________________________ cf-bosh mailing list cf-bosh(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh attachment.html
More All Messages By This Member

View All 2 Messages In Topic

#577

Join cf-bosh@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms