Haproxy cannot load ssl private key

Question

Haproxy cannot load ssl private key

I have a problem with haproxy 1.5.2 on centos 7. I created a pem file containing the private key and a self-signed certificate, but when configured, haproxy cannot start.

When I have certificates in this order:

-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

The following error message appears:

Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: [ALERT] 050/142729 (2218) : Proxy 'test': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:64] (use 'crt').
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: [ALERT] 050/142729 (2218) : Fatal errors found in configuration.
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: haproxy-systemd-wrapper: exit, haproxy RC=256
Feb 20 14:30:11 test.net systemd[1]: Starting HAProxy Load Balancer...
Feb 20 14:30:11 test.net systemd[1]: Started HAProxy Load Balancer.
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: [ALERT] 050/143011 (2254) : OpenSSL random data generator initialization failed.

If I have it in the following order:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY-----

I get the following error:

Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: [ALERT] 050/143011 (2254) : Fatal errors found in configuration.
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: haproxy-systemd-wrapper: exit, haproxy RC=256
Feb 20 14:36:45 test.net systemd[1]: Starting HAProxy Load Balancer...
Feb 20 14:36:45 test.net systemd[1]: Started HAProxy Load Balancer.
Feb 20 14:36:45 test.net haproxy-systemd-wrapper[2292]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 20 14:36:45 test.net haproxy-systemd-wrapper[2292]: [ALERT] 050/143645 (2293) : parsing [/etc/haproxy/haproxy.cfg:64] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/certs/haproxy.pem'.

The configuration of my interface is as follows:

frontend test
        bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
        mode http
        default_backend testnodes

What am I doing wrong?

+4

ssl haproxy

Muffe Feb 20 '15 at 14:41

source share

No one has answered this question yet.

See similar questions:

21

haproxy - unable to load SSL private key from PEM file

or similar:

81

"Public key certificate and private key do not match" when using Godaddy certificate

79

How to convert private key to RSA private key?

21

haproxy - unable to load SSL private key from PEM file

fifteen

Haproxy ssl configuration - installing the root and intermediate certificate

3

HAproxy SSL Segfault with 1.5-dev17

2

How to protect HAProxy SSL certificates as a service?

2

HAProxy 1.5-dev19 Failed to load SSL certificate

0

HAProxy load balancer: Peer issuer not recognized

0

HAProxy on Centos 7

0

Haproxy bind command enable cipher in haproxy.cfg file

Haproxy cannot load ssl private key

More articles: