HAProxy and Intermediate SSL Certificate Issue

Solution 1:

Correct order to include intermediate certificates:

-----BEGIN PRIVATE KEY-----
[Your private key]
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[Your certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Intermediate#1 certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Intermediate#2 certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Root certificate]
-----END CERTIFICATE-----

awk 1 ORS='\\n' ~/your_path/cert.pem

Copy the string

and paste it into docker-compose.yml like this:

proxy:
  image: tutum/haproxy
  ports:
    - "80:80"
    - "443:443"
  environment:
    - "DEFAULT_SSL_CERT=-----BEGIN PRIVATE KEY-----\nMIIEvQIBADA......"
  links:
    - webapp

It works for me.

Solution 2:

FWIW, I managed to get to the bottom of this. The issue was the delimiters I had used for the various certificates in my .pem file.

The delimiter has to be exactly -----BEGIN/END CERTIFICATE----- - no "INTERMEDIATE" or "ROOT" or any of that.

Also, the working .pem for HAProxy includes all of the intermediate and root certificates in my chain - it seemed to be the only way to get them to all pick up.
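
A pre-deployment check for the bundle described in both solutions, as an added example that is not from either answer or from the HAProxy project: it flags delimiter labels other than the plain ones, mismatched BEGIN/END lines, a missing chain, and a key that is not first, then produces the single-line value for DEFAULT_SSL_CERT. The function names, the accepted key labels and the sample bundles are assumptions of this example.

```python
import re

# Labels this check accepts (an assumption of the example): common private-key
# labels plus the plain CERTIFICATE label that Solution 2 found to be required.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
CERT_LABEL = "CERTIFICATE"
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([^-]*)-----\s*$")

def lint_pem_bundle(text):
    """Return a list of problems found in a combined key + chain PEM bundle."""
    problems, blocks, open_label = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = BOUNDARY.match(line)
        if not m:
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label is not None:
                problems.append(f"line {lineno}: BEGIN inside unclosed {open_label!r} block")
            open_label = label
            if label != CERT_LABEL and label not in KEY_LABELS:
                problems.append(f"line {lineno}: non-standard delimiter label {label!r}")
        elif label != open_label:
            problems.append(f"line {lineno}: END {label!r} does not match BEGIN {open_label!r}")
            open_label = None
        else:
            blocks.append(label)
            open_label = None
    if open_label is not None:
        problems.append(f"unterminated {open_label!r} block")
    keys = [b for b in blocks if b in KEY_LABELS]
    if len(keys) != 1:
        problems.append(f"expected exactly 1 private key, found {len(keys)}")
    elif blocks[0] not in KEY_LABELS:
        problems.append("private key is not the first block (layout from Solution 1)")
    if blocks.count(CERT_LABEL) < 2:
        problems.append("fewer than 2 CERTIFICATE blocks: chain certificates missing")
    return problems

def to_env_value(text):
    # Same result as the awk command in Solution 1: each line, then a literal \n.
    return "".join(line + "\\n" for line in text.splitlines())

# Constructed sample bundles (placeholder bodies, not real key material).
def pem_block(label, body="AAAA"):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

GOOD = pem_block("PRIVATE KEY") + pem_block("CERTIFICATE") * 3
BAD = pem_block("PRIVATE KEY") + pem_block("CERTIFICATE") + pem_block("INTERMEDIATE CERTIFICATE")
```

The check only inspects delimiters and block order; it does not verify that each certificate was issued by the next one in the chain.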