How to Generate CSR in OpenSSL and SSL Certificate Installation on HAProxy on Linux.

How to generate CSR and private Key – OpenSSL

 

Make directory for CSR and private key.

root@loadbalancer:mkdir –p /etc/ssl/certs/pem/CSRandPrivateKey

root@loadbalancer:cd /etc/ssl/certs/pem/CSRandPrivateKey

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key

Generating a 2048 bit RSA private key

……………………+++

………………………………………….+++

writing new private key to ‘privatekey.key’

—–

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [AU]:TR

State or Province Name (full name) [Some-State]:Istanbul

Locality Name (eg, city) []:Maslak

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Turizm Kampanyları Ltd.

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:*.turizmkampanylari.com

Email Address []:

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# ll

total 20

drwxr-xr-x 2 root root 4096 Dec 23 15:12 ./

drwxr-xr-x 3 root root 4096 Dec 23 15:08 ../

-rw-r–r– 1 root root 1001 Dec 23 14:28 CSR.csr

-rw-r–r– 1 root root 1704 Dec 23 14:28 privatekey.key

After that you will send CSR.csr file to Certificate Authorities (like globalsign).Globalsign will send it back to you turizmk.crt extension file.

Create .pem file to install to Haproxy loadbalancer:

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# cat privatekey.key turizmk.crt > /etc/ssl/certs/pem/turizmk.pem

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# vi /etc/haproxy/haproxy.cfg 

frontend HTTPS_NLB
bind *:443 ssl crt /etc/ssl/certs/pem/turizmk.pem
reqadd X-Forwarded-Proto:\ https
rspadd Strict-Transport-Security:\ max-age=31536000

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# service haproxy restart
* Restarting haproxy haproxy
…done.

 

 

 

Advertisements