HAProxy SSL mutual authentication unable to load SSL certificate into SSL Context

Hi all,

I am new to HAProxy, and today I ran into an issue while trying to set up HAProxy for mutual authentication.
Everything is running fine without SSL. I have 2 web servers behind the HAProxy server, which is serving the content with the round robin method.

As a final setting I want to enable SSL and work with client certificates.

I used these commands to create the required certificates and keys:

Create the CA Key and Certificate for signing Client/Server Certs

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Create the Server Key, CSR, and Certificate

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Create PEM File

openssl rsa -in server.key -out nopassword.key
cat nopassword.key > server.pem
cat server.crt >> server.pem

A screenshot of the haproxy.cfg is attached, where I have changed the bind to listen on port 443 and use the server.pem.

Screenshot 2021-03-26 202337

After this when I try to start HAProxy I am getting this ALERT:

[NOTICE] 084/175611 (927549) : haproxy version is 2.4-dev13-c23b33-50
[NOTICE] 084/175611 (927549) : path to executable is ./haproxy
[ALERT] 084/175611 (927549) : parsing [haproxy.cfg:18] : 'bind *:443' : unable to load SSL certificate into SSL Context './keys/server.pem'.
[ALERT] 084/175611 (927549) : Error(s) found in configuration file : haproxy.cfg
[ALERT] 084/175611 (927549) : Fatal errors found in configuration.

I have tried to find anything about this issue online, but without any success, so I really hope to get some hints here as to why this happened.

Thanks in advance…

Did you find a way to fix this?
We are trying to do a similar setup, mTLS authentication with the help of HAProxy. HAProxy version 2.0.22 on Ubuntu 16.04 worked fine, whereas HAProxy version 2.0.23 on 20.04 failed with the exact error above.

Any pointers on this?

Hey bro,
could you solve this issue?
I have the same problem and it would be great if you could help me with it.

Thanks in advance

This message makes me think of a path issue. Did you try with the absolute path? Where are your certs stored?
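
Added example, not part of any post in this thread and not HAProxy's own tooling: a pre-flight check for a combined key-plus-certificate PEM such as the server.pem built above, covering an unreadable or relative path, a missing or passphrase-protected key, a missing certificate, a key that does not match the certificate, and an RSA key below 2048 bits (which OpenSSL rejects at security level 2). The function names, the return codes and the 2048-bit default are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: sanity-check a PEM file referenced by "bind ... ssl crt <file>".
# Hypothetical helper names; MIN_RSA_BITS=2048 assumes OpenSSL security level 2.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}

# Public key embedded in the certificate, as PEM (empty if no certificate found).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from the private key, as PEM.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
key_pubkey() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# RSA modulus size in bits (empty for non-RSA keys such as EC).
rsa_bits() {
  openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return codes: 0 ok, 2 unreadable, 3 no key, 4 no cert, 5 mismatch, 6 weak RSA key.
check_pem() {
  _pem=$1
  case $_pem in
    /*) ;;
    *) echo "WARN: '$_pem' is relative; it resolves against the working directory unless crt-base is set" ;;
  esac
  [ -r "$_pem" ] || { echo "FAIL: cannot read $_pem"; return 2; }
  _kpub=$(key_pubkey "$_pem" || :)
  [ -n "$_kpub" ] || { echo "FAIL: no unencrypted private key in $_pem"; return 3; }
  _cpub=$(cert_pubkey "$_pem" || :)
  [ -n "$_cpub" ] || { echo "FAIL: no certificate in $_pem"; return 4; }
  [ "$_kpub" = "$_cpub" ] || { echo "FAIL: private key does not match certificate"; return 5; }
  _bits=$(rsa_bits "$_pem")
  if [ -n "$_bits" ] && [ "$_bits" -lt "$MIN_RSA_BITS" ]; then
    echo "FAIL: RSA key is $_bits bits, below $MIN_RSA_BITS"
    return 6
  fi
  echo "OK: $_pem"
}

# Stand-alone use: ./check_pem.sh /absolute/path/to/server.pem
if [ "$#" -gt 0 ]; then check_pem "$1"; fi
```

Run it against the exact path given on the bind line, from the directory HAProxy is started in, before validating the configuration with `haproxy -c -f haproxy.cfg`.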