Haproxy 1.5.3 / OpenSSL - Creating PEM

I have an HAProxy Server set up with the line:

bind *:443 ssl crt /etc/ssl/domain.com/domain.com.pem

I have the following files:

/etc/ssl/domain.com/domain.com.key

/etc/ssl/domain.com/domain.com.csr

I have purchased a certificate from Geotrust which gives me a Primary Intermediate Certificate, Secondary Intermediate Certificate and End Entity Certificate

I have concatenated the files, in PIC, SID, EEC, KEY order in to /etc/ssl/domain.com/domain.com.pem which passes openssl verify /etc/ssl/domain.com/domain.com.pem and openssl verify -CAfile /etc/ssl/domain.com/domain.com.pem /etc/ssl/domain.com/domain.com.pem

I have also verified this file using http://www.sslshopper.com/certificate-decoder.html

When I run haproxy -f /etc/haproxy/haproxy.cfg -c I get

'bind *:443 : inconsistencies between private key and certificate loaded from PEM file '/etc/ssl/domain.com/domain.com.pem'

Proxy 'http-in': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg] (use 'crt')

I am new to SSL Certificates and I'm stuck where to go. Googling for answers has had me run a merry mile and I'm no further forward.

Have I done something wrong in creating the .pem file this way and how can I resolve this?

Solution 1:

Resolved.

I needed to create the PEM in order KEY, EEC, SID, PID instead of PID, SID, EEC, KEY