satu

When an elephant dies, it leaves its bones
when a tiger dies, it leaves its stripes
when a human dies, they leave a name

Prepare yourselves: when you die, what do you want to leave behind?

Friday, 11 January 2019

Create SSL haproxy

openssl genrsa -out eproc.iconpln.co.id.key 2048
openssl req -new -x509 -key eproc.iconpln.co.id.key -out eproc.iconpln.co.id.cert -days 36500
openssl req -new -key eproc.iconpln.co.id.key -out eproc.iconpln.co.id.csr



Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:Jakarta
Locality Name (eg, city) [Default City]:Jakarta
Organization Name (eg, company) [Default Company Ltd]:Iconpln.co.id
Organizational Unit Name (eg, section) []:Iconpln.co.id
Common Name (eg, your name or your server's hostname) []:saveit.iconpln.co.id
Email Address []:taufik.ramadhan.iconpln.co.id

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


Download from the DigiCert generated certificate page:
5. Apache
Individual .crts (zipped)

You get 3 files.

cat eproc_iconpln_co_id.crt eproc.iconpln.co.id.key > eproc5.pem

The file eproc5.pem can then be used on the load balancer, in nginx, or in Apache.

1. create the key = eproc.iconpln.co.id.key
2. from the key -> eproc.iconpln.co.id.cert
3. from the key -> eproc.iconpln.co.id.csr
4. upload the csr to DigiCert
5. download the individual certs (zip)
6. cat eproc_iconpln_co_id.crt (the one obtained from DigiCert) + eproc.iconpln.co.id.key -> eproc5.pem
7. eproc5.pem is then ready to use




eproc_iconpln_co_id.crt = from DigiCert

intermediate certificate

eproc.iconpln.co.id.key = private key from our own server


Issue troubleshooting

Solution found on one of the blogs is:

Reference link:
https://www.codegravity.com/blog/letsencrypt-chain-issue-incomplete-haproxy-problem

Reference link:
https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html

You need to combine:
1. Your certificate (fullchain.pem)
2. Intermediate certificate (https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem)
3. Private key (privkey.pem)
into one file
HAProxy has to be configured against this certificate:
bind 231.1.2.19:443 ssl crt /etc/letsencrypt/live/yourdomain.com/yourdomain.com.pem
Then, the SSLLabs service reports A-grade with no errors.
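
The combining step described above, as an added example that is not part of the original post: a shell function that confirms the private key belongs to the certificate and that the supplied intermediate issued it, then writes the bundle in the order server certificate, intermediate, key. The function names, file names and the throwaway demo CA are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): assemble an HAProxy PEM bundle
# and refuse inputs that do not belong together. Names are illustrative.

# SHA-256 of the public key inside a certificate ($1=cert) or private key ($1=key).
pub_hash() {
  if [ "$1" = cert ]; then openssl x509 -in "$2" -noout -pubkey
  else openssl pkey -in "$2" -pubout; fi | openssl sha256
}

# build_bundle LEAF INTERMEDIATE KEY OUT
build_bundle() {
  leaf=$1; inter=$2; key=$3; out=$4
  # 1. The private key must belong to the server certificate.
  [ "$(pub_hash cert "$leaf")" = "$(pub_hash key "$key")" ] ||
    { echo "private key does not match certificate" >&2; return 1; }
  # 2. The supplied intermediate must be the issuer of the server certificate.
  openssl verify -partial_chain -CAfile "$inter" "$leaf" 2>/dev/null |
    grep -q ': OK$' || { echo "certificate not issued by intermediate" >&2; return 2; }
  # 3. Server certificate first, then intermediate, then key. The file holds
  #    the private key, so create it readable by the owner only.
  ( umask 077; cat "$leaf" "$inter" "$key" > "$out" )
}

# Constructed throwaway CA and server certificate for trying the function offline.
make_demo() {  # $1 = existing empty directory to fill
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo Issuing CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  openssl genrsa -out "$1/site.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/site.key" -config "$1/ca.cnf" \
    -subj "/CN=site.example.test" -out "$1/site.csr" &&
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}
# Usage: d=$(mktemp -d); make_demo "$d"
#        build_bundle "$d/site.crt" "$d/ca.crt" "$d/site.key" "$d/site.pem"
```

The resulting file is what the `crt` argument on the `bind` line points at; because it contains the private key, keep it readable only by the account HAProxy starts under.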
