HAProxy and Intermediate SSL Certificate Issue
Solution 1:
Correct order to include intermediate certificates:
-----BEGIN PRIVATE KEY-----
[Your private key]
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[Your certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Intermediate#1 certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Intermediate#2 certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Root certificate]
-----END CERTIFICATE-----
awk 1 ORS='\\n' ~/your_path/cert.pem
Copy the string and paste it into docker-compose.yml, like this:
proxy:
  image: tutum/haproxy
  ports:
    - "80:80"
    - "443:443"
  environment:
    - "DEFAULT_SSL_CERT=-----BEGIN PRIVATE KEY-----\nMIIEvQIBADA......"
  links:
    - webapp
It works for me.
Solution 2:
FWIW, I managed to get to the bottom of this. The issue was the delimiters I had used for the various certificates in my .pem file.
The delimiter has to be exactly -----BEGIN/END CERTIFICATE----- - no "INTERMEDIATE" or "ROOT" or any of that.
Also, the working .pem for HAProxy includes all of the intermediate and root certificates in my chain - it seemed to be the only way to get them to all pick up.
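A lint for the two points made in Solution 1 and Solution 2 (private key first, then the certificates; every delimiter exactly the standard BEGIN/END label), as an added example that is not from either answer. The function names check_pem_bundle and pem_to_env_line are hypothetical, and the check covers labels and block order only, not the validity of the chain.

```shell
# Added example (not from either answer): lint a PEM bundle's BEGIN/END labels
# and block order. Labels only; the certificates themselves are not verified.
check_pem_bundle() {
    awk '
    /^-----BEGIN / {
        if (cur != "") { print "line " NR ": BEGIN inside unclosed block"; bad = 1 }
        label = $0
        sub(/^-----BEGIN /, "", label); sub(/-----[ \t\r]*$/, "", label)
        cur = label; n++
        if (label == "CERTIFICATE") { certs++ } else if (label ~ /PRIVATE KEY$/) {
            keys++
            # Assumption: enforce the layout from Solution 1 (key before certificates).
            if (n != 1) { print "line " NR ": private key is not the first block"; bad = 1 }
        } else { print "line " NR ": unexpected label \"" label "\""; bad = 1 }
        next
    }
    /^-----END / {
        label = $0
        sub(/^-----END /, "", label); sub(/-----[ \t\r]*$/, "", label)
        if (label != cur) { print "line " NR ": END label does not match BEGIN"; bad = 1 }
        cur = ""
    }
    END {
        if (cur != "") { print "unclosed block: " cur; bad = 1 }
        if (keys != 1) { print "expected 1 private key, found " (keys + 0); bad = 1 }
        if (certs < 1) { print "no CERTIFICATE block found"; bad = 1 }
        if (!bad) print "ok: 1 key, " certs " certificate(s)"
        exit (bad ? 1 : 0)
    }' "$1"
}

# Flatten to the single-line value used for DEFAULT_SSL_CERT (the awk command
# from Solution 1), but only when the lint passes. Lint messages go to stderr.
pem_to_env_line() {
    check_pem_bundle "$1" >&2 && awk 1 ORS='\\n' "$1"
}
```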