*** BELOW WAS WRITTEN BY NODE4 - WE'VE NOT USED THE INSTRUCTIONS OURSELVES YET, WHEN IT'S TIME TO DO THIS FOR THE FIRST TIME, I'LL GET THEM TO GO THROUGH IT WITH US ***


Things that are required:

  • Linux on your machine, e.g. Ubuntu
  • FileZilla
  • pfx_2_haproxy_pem sh file (Will be attached)
  • The PFX certificate and the password for the certificate

Steps:

  • Open up Ubuntu and go to the mounted file path where the certificate and the sh file are placed, e.g. cd "/mnt/c/Users/McCairnC/OneDrive - Node4 Ltd/Secura/SSL"

  • Once the file path is mounted, run the command ./pfx_2_haproxy_pem.sh insertcertname.pfx and enter the password for the certificate twice. This will create a number of files in the folder that holds the pfx certificate and the sh file.

The files created will be the following:

  • insertcertname.key
  • insertcertname.pem
  • insertcertname.pfx_haproxy.pem (this is the one we need)
  • insertcertname.rsa.server.key

  • Open up FileZilla and set up a connection to each of the two HAProxys with the following settings:

Sii-haproxy-01:

  • Protocol – SFTP – SSH File Transfer Protocol
  • Host: sii-haproxy-01.server.securacloud.com
  • Port: 22
  • Username and password are your own

Sii-haproxy-02:

  • Protocol – SFTP – SSH File Transfer Protocol
  • Host: sii-haproxy-02.server.securacloud.com
  • Port: 22
  • Username and password are your own

  • As your accounts will probably have admin access to both HAProxys, you can go to the file path /etc/ssl/certs/live on the remote site (right-hand pane in FileZilla), then drag insertcertname.pfx_haproxy.pem and place it in the right-hand pane.

  • The old cert must be moved out of the live folder and can be placed into the /etc/ssl/certs/backups folder in case there are any issues, so the cert can be rolled back.


  • Repeat Step 4 + 5 for sii-haproxy-02



  • Once logged in, type sudo su and you will become the root user.


  • Enter the command service haproxy reload; this will reload the certificates on the HAProxy and update them.


  • Repeat steps 7, 8 and 9 for sii-haproxy-02

  • Check the certificate's validity on a website and you are done.

Errors that can occur

Unable to read certificate due to file permissions:

  1. When connected to the Linux VM, go to where the file is placed, i.e. /etc/ssl/certs/live, and run the command chmod 644 insertcertname.pfx_haproxy.pem

  2. This sets the file to read/write for its owner and read-only for everyone else, so the user will then be able to read the certificate.
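
An added example (not Node4's script and not part of the original instructions): a check to run on the generated file before uploading it, and again in /etc/ssl/certs/live after any chmod. It assumes insertcertname.pfx_haproxy.pem holds the certificate plus one unencrypted private key; the function names and the 14-day default are this example's own.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check for <name>.pfx_haproxy.pem.
# Assumption: the file holds the certificate (chain) plus one unencrypted private key.

# Count PEM blocks in FILE ($1) whose BEGIN label matches the extended regex $2.
pem_count() {
    grep -cE -- "^-----BEGIN ($2)-----" "$1"
}

# Succeed only if the first certificate and the private key in FILE share a public key.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" makes an encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_haproxy_pem FILE [MIN_DAYS]: print findings; return 0 only if every check passes.
check_haproxy_pem() {
    local f="$1" min_days="${2:-14}" rc=0 mode
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    [ "$(pem_count "$f" 'CERTIFICATE')" -ge 1 ] ||
        { echo "FAIL: no certificate block"; rc=1; }
    [ "$(pem_count "$f" '(RSA |EC )?PRIVATE KEY')" -eq 1 ] ||
        { echo "FAIL: expected exactly one unencrypted private key block"; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    key_matches_cert "$f" ||
        { echo "FAIL: private key does not match the certificate"; rc=1; }
    openssl x509 -in "$f" -noout -checkend "$((min_days * 86400))" >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within $min_days days"; rc=1; }
    # GNU stat (Ubuntu). A last octal digit of 4-7 means "other" users can read the key.
    mode=$(stat -c '%a' "$f" 2>/dev/null) || mode=unknown
    case $mode in
        *[4-7]) echo "WARN: mode $mode lets every local user read the private key" ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $f $(openssl x509 -in "$f" -noout -enddate)"
    return "$rc"
}

# Usage: ./check_haproxy_pem.sh insertcertname.pfx_haproxy.pem [min_days]
if [ "$#" -ge 1 ]; then
    check_haproxy_pem "$@"
fi
```

A FAIL line means the file should not go into the live folder; the WARN line is informational and does not change the exit status.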