Posted on 10-29-2018 10:43 AM
HAproxy needs a .pem format. JSS uses the Java Keystore format. How do I convert from one to the other so I can get SSL Termination working with HAProxy?
I tried using the JAMF "CA Backup" in JSS. That downloads a .p12 file, and I then tried converting that, but HAproxy won't load it.
Posted on 11-27-2018 08:40 AM
We got this working and I wanted to give an overview in case others are looking for the same info:
Generate a private Key on your LoadBalancer (LB). We are using HAProxy with openssl. (openssl genrsa -out /location of.key 2048)
Generate a CSR from your LB. We used a wildcard for the FQDN (*.domain.com). (openssl req -new -key /location of private.key -out /location of .csr)
cat the .csr and copy all text, then visit: https://JSSPrimary/pkiCertificateAuthorities.html, click Create Certificate from CSR button, paste into textbox, choose web certificate, should generate a .pem file.
Copy the .pem file to the LB.
Then concatenate the generated pem and the haproxy private key below:
cat /location of .pem /location of .key > /location of new .pem
You can now add the new .pem file to your LB config for use. (in HAProxy it is in /etc/haproxy/haproxy.cfg)
(frontend localhost
bind *:8443 ssl crt /location of new.pem)
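A pre-flight check for the concatenation step in the answer above, as an added example that is not part of the original post: it confirms the signed certificate actually belongs to the private key before writing the combined file, and creates that file readable by its owner only. The function name `build_haproxy_pem` and its argument order are hypothetical; only standard `openssl` subcommands are used.

```shell
# Added example; build_haproxy_pem is an illustrative name, not a JSS or HAProxy tool.
# usage: build_haproxy_pem CERT.pem PRIVATE.key COMBINED.pem
build_haproxy_pem() {
    bhp_cert=$1; bhp_key=$2; bhp_out=$3

    # Both inputs must parse as PEM before anything is written.
    openssl x509 -in "$bhp_cert" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $bhp_cert" >&2; return 2; }
    openssl pkey -in "$bhp_key" -noout 2>/dev/null ||
        { echo "not a PEM private key: $bhp_key" >&2; return 2; }

    # The certificate must carry the public half of this private key,
    # otherwise HAProxy rejects the file at load time.
    bhp_cert_pub=$(openssl x509 -in "$bhp_cert" -noout -pubkey)
    bhp_key_pub=$(openssl pkey -in "$bhp_key" -pubout)
    if [ "$bhp_cert_pub" != "$bhp_key_pub" ]; then
        echo "certificate and key do not match" >&2
        return 1
    fi

    # Refuse a certificate that has already expired.
    openssl x509 -in "$bhp_cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }

    # Certificate first, then key, as in the cat command above. The file holds
    # the private key, so create it readable by its owner only.
    ( umask 077; rm -f "$bhp_out"; cat "$bhp_cert" "$bhp_key" > "$bhp_out" )
}
```

After the combined file is in place, `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the configuration, including the `crt` file, without starting the proxy.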