Tuesday, May 08, 2012

Zen Load Balancer - SSL

Just want to share what I did to add an HTTPS farm to my Zen LB install.


Zen Load Balancer is an excellent Debian Linux based load balancer installer. If you have a decent spare PC, give it a try. I plan on deploying it to a pair of small form factor Xeon rackmounts in front of my web application server farm.


In testing, I discovered I had used an incorrect certificate (the built-in one). Once I applied the correct cert and tried again, all was well.

I hope someone finds this useful.

- Lou


Log in to Zen LB at the console or using the PuTTY SSH client.


I create a folder to hold my keys and CSRs. I will later remove them and store them elsewhere, since the key will be created without a password.

Generate the key in PEM format using the openssl command. It is done this way so that no password is required.

openssl genrsa -out host_domain_com.key 2048

Generate the certificate request file.

openssl req -new -key host_domain_com.key -out host_domain_com.csr


I purchased the cert from namecheap.com:
Positive SSL: already good to go, certs are in PEM format
Rapid SSL: need to convert to PEM (each file: cert, intermediate and root)


After you get your certificate and intermediate certificate, be sure to get the issuer's root certificate.

All certs need to be in PEM format (issued cert, intermediate cert and root cert).
To convert a cert to PEM format, use the openssl command. RapidSSL certs were already in PEM format (contrary to what I read in the FAQ).

openssl x509 -in certFileName.cer -outform PEM -out convertedCertFileName.pem


When done you will have your private key, the certificate issued to you, an intermediate certificate and the root cert.


Open Notepad and paste the contents of each file one after the other in the following order:

Private Key
Cert
Intermediate
Root

Example:

-----BEGIN RSA PRIVATE KEY-----
uiMTxBQnK9ApC5eq1mrBooECgYB4925pDrTWTbjU8bhb/7BXsjBiesBBVO43pDYL
1AOO5EEikir239UoFm6DQkkO7z4Nd+6Ier9fncpN1p1EZtqPxT64nsUTNow/z1Pp
nUVxhqt4DT+4Vp5S7D9FQ+HagbhVInQXKXtT7FNFhpIxpRy512ElSuWvrELiZOwe
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
wYDVR0fBDwwOjA4oDagNIYyaHR0cDovL3JhcGlkc3NsLWNybC5n
ZW90cnVzdC5jb20vY3Jscy9yYXBpZHNzbC5jcmwwHQYDVR0OBBYEFA8nu+rbiNqg
DYmhNE0IgXx6XRHiMAwGA1UdEwEB/wQCMAAwSQYIKwYBBQUHAQEEPTA7MDkGCCsG
gOYD8kmKOsxLRWeZo6Tn8
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js
Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTANBgkqhkiG9w0B
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
jOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----
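
Since the problem found in testing above was a wrong certificate, here is an added example (not part of the original post) that assembles the combined file from the shell and checks it before it goes on the farm. The function names, the farm.pem output name and the certificate file names are assumptions; the host_domain_com naming follows the post.

```shell
#!/bin/sh
# Added example; function names and farm.pem are hypothetical.

# Concatenate in the post's order: key, cert, intermediate, root.
# umask 077 keeps the result private, because the key has no passphrase.
# tr strips the carriage returns that Windows editors add.
build_bundle() {  # usage: build_bundle OUT KEY CERT INTERMEDIATE ROOT
    out=$1; shift
    ( umask 077; cat "$@" | tr -d '\r' > "$out" )
}

# Print the type of each PEM block in file order, one per line.
pem_block_order() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Succeed only if block 1 is a private key and all later blocks are certificates.
check_order() {
    pem_block_order "$1" | awk '
        NR == 1 && $0 !~ /PRIVATE KEY$/ { bad = 1 }
        NR > 1  && $0 != "CERTIFICATE"  { bad = 1 }
        END { if (bad || NR < 2) exit 1 }'
}

# Succeed only if the certificate carries the public half of the key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Typical run, using the post's file naming (certificate file names assumed):
#   key_matches_cert host_domain_com.key host_domain_com.pem &&
#   build_bundle farm.pem host_domain_com.key host_domain_com.pem intermediate.pem root.pem &&
#   check_order farm.pem && echo "bundle OK"
```

A failed key_matches_cert means the certificate was issued for a different key than the one in the folder, which is the same class of mistake as loading the built-in certificate.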

2 comments:

Unknown said...

Does it do this:
Client <--HTTPS--> ZEN <--HTTPS--> farm (servers)
