I am new to HAProxy and today I run into an issue while trying to set HAProxy for mutual authentication.
Everything is running fine without SSL. I have 2 Web Servers behind the HAProxy server which is serving the content with the round robin method.
As a final setting I want to enable SSL and work with client certificates.
I used this commands to create the required certificates and keys:
Create the CA Key and Certificate for signing Client/Server Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Create PEM File
openssl rsa -in server.key -out nopassword.key
cat nopassword.key > server.pem
cat server.crt >> server.pem
A screenshot of the haproxy.cfg is attached where I have changes the bind to listen on Port 443 and use the server.pem.
After this when I try to start HAProxy I am getting this ALERT:
[NOTICE] 084/175611 (927549) : haproxy version is 2.4-dev13-c23b33-50
[NOTICE] 084/175611 (927549) : path to executable is ./haproxy
[ALERT] 084/175611 (927549) : parsing [haproxy.cfg:18] : ‘bind *:443’ : unable to load SSL certificate into SSL Context ‘./keys/server.pem’.
[ALERT] 084/175611 (927549) : Error(s) found in configuration file : haproxy.cfg
[ALERT] 084/175611 (927549) : Fatal errors found in configuration.
I have tried to find anything about this issue online, but without any success, so I really hope to get here some hints why this happend.
Thanks in advance…