0

I think there are a simple answer for this but I don't find it. We have a haproxy server running and some ssl certificates working fine for some sites, normally I generate the csr with this command(in haproxy):

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

But in this case we buy a UCC SSL Certificate in godaddy and when I provide the csr to generate the certificate the form tell me that csr doesn't has a common name. I was reading, and normally when you use openssl to create a new csr and new key, the command ask you for some data, but not in my case. The question is, Can I still using haproxy to handle the ssl? or I need to generate the csr in the target server? Thanks

Julio
  • 29
  • 2
  • 9

1 Answers1

0

Well, after research about haproxy and ucc ssl, I decided to try something, I generate the .csr in another basic server providing the common name when openssl ask for that, I created the certificate in godaddy and then I rekey with the haproxy, not the short way but it's working fine,

Julio
  • 29
  • 2
  • 9
  • why not use SNI and Letsencrypt? http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ – Jacob Evans Dec 14 '16 at 17:40
  • I'm not sure what do you mean(the problem was generating the cert.), you can see the config of haproxy and guess how we are working http://serverfault.com/questions/820114/gitlab-behind-haproxyssl?noredirect=1#comment1044202_820114, I think it's the same idea but we are working in the L7, can you explain me please? – Julio Dec 14 '16 at 21:35