0

I am really new to this so please be nice :)

I am wondering if anyone has any experience with Zevenet Load Balancers.

I have set up the community version (V4). I have 2 web servers with replicated content, and I have a virtual IP set up in the system which points to the 2 IP addresses of the web servers. The load balancer works for HTTP and HTTPS traffic correctly but shows a cert error when trying to get to the servers via HTTPS.

I want to combat this by adding a certificate to the load balancer. To do this I have followed these steps:

https://www.zevenet.com/knowledge-base/howtos/manage-certificates-with-zen-load-balancer/ (ignoring the bit about purchasing a cert from SofIntel as we use JISC for our Certs)

Basically I created a certificate in the load balancer, generated the CSR, purchased a certificate from JISC by uploading the CSR generated from the load balancer.

I then downloaded the ZIP file from JISC which contains the crt for the domain, as well as the root certificates required also in the ZIP.

I tried uploading the ZIP to the load balancer and it pops up an error showing that the certificate needs to be created in a PEM format.

I then found this here:

https://www.zevenet.com/knowledge-base/howtos/create-certificates-pem-format/

I am not really sure what this is asking me to do....does this mean the original CSR that I generated is irrelevant now? The instructions on the above link say that the PEM file needs to be the following:

-----BEGIN RSA PRIVATE KEY-----
Private Key (without passphrase)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Certificate (CN=www.mydomain.com)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate (Intermediate CA, if exists)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root (ROOT CA, who signs the Certificate)
-----END CERTIFICATE-----

Essentially I already have the domain certificate, the intermediate and the root all from JISC now. But is there any way I can go about getting the private key from the load balancer so that I can just create the PEM file manually?

Sorry if this seems like a really stupid question, pretty new to cert stuff, not sure why it won't just let me upload the zip file.

  • If you have not found an answer to this issue, please try the steps below. 1- Delete lines with subject and issuer. 2- Add at the beginning of the file the proper key file. 3- Save the file with .pem extension. Regards, – vwesoft Dec 19 '17 at 16:23

3 Answers

0

Great post.

I'm still a bit stuck.

I would like to configure the following setup:

  • Clients connect via HTTPS://frontend.mydom.com (= Zevenet LB VIP/DNS)
  • Zevenet should load balance these requests to:
    • HTTPS://backend1.mydom.com
    • HTTPS://backend2.mydom.com
  • On the backend, each backend has an SSL certificate configured.

Assume frontend.mydom.com, backend1.mydom.com, and backend2.mydom.com are signed by the same root CA (no intermediate certificates). In that case, which certificates do I need to upload in Zevenet and how?

Assume the backends are the following and are signed with a different root CA than the one that signed the Zevenet https://frontend.mydom.com

  • HTTPS://backend1.mydom2.com
  • HTTPS://backend2.mydom2.com

In this setup, which certificates do I need to upload in Zevenet

  • To allow clients to connect via HTTPS to https://frontend.mydom.com ?
  • To allow Zevenet to connect via HTTPS to the two backends ?

Kr, EDH

0

Hoping you managed to get this sorted as it's 8 months on, but you need to extract the zip file into its component parts. Create a file which consists of the private key, followed by your certificate, followed by any intermediate certificates (certificate chain) down to the root cert. Just open them in a text editor and copy & paste to get this done as per the Zevenet example.

0

I know this is an old thread, but I was stuck with this, and at last I figured it out, so this might help other people.

When you create a CSR from the GUI within the Zevenet web interface, it creates a file on the same Zevenet server named after your csr file. So, if you have the default installation of the Zevenet community edition, then the key file should be located under: '/usr/local/zevenet/config/'.

For example, if you created a csr called '2019.csr', then your key file will be called '2019.key'. Next, you need to open this file in a text editor and copy the content and add it at the beginning of the .pem file which you receive from your certificate authority, so the final pem will include:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

I hope this helps someone stuck with this like me :)
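The copy-and-paste assembly described in the answers above can be scripted so that a wrong or passphrase-protected key is caught before the upload. This is an added example, not part of the original posts or Zevenet's own tooling; the function names `build_pem` and `pem_blocks` are hypothetical, and it assumes the `openssl` command-line tool is available.

```shell
#!/usr/bin/env bash
# Added example: assemble key + certificate + chain into one PEM file,
# in the order shown above (key, certificate, intermediates, root).
# Usage: build_pem OUT.pem KEY CERT [INTERMEDIATE...] [ROOT]

# Print only the PEM blocks of a file, dropping "subject="/"issuer=" lines,
# any other text around the blocks, and Windows line endings.
pem_blocks() {
    tr -d '\r' < "$1" | sed -n '/^-----BEGIN /,/^-----END /p'
}

build_pem() {
    local out key cert f key_pub cert_pub
    out=$1; key=$2; cert=$3
    shift 3

    # The expected layout calls for a key without a passphrase.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "error: $key is passphrase-protected" >&2; return 1
    fi

    # The key must be the one the CSR was generated from:
    # its public half has to equal the public key inside the certificate.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "error: cannot read private key $key" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "error: cannot read certificate $cert" >&2; return 1; }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "error: $key does not match $cert" >&2; return 1
    fi

    # The bundle contains the private key, so a newly created output
    # file gets owner-only permissions.
    ( umask 077
      { pem_blocks "$key"; pem_blocks "$cert"
        for f in "$@"; do pem_blocks "$f"; done; } > "$out" )
}

# Run directly when called with arguments; do nothing when sourced.
if [ "$#" -ge 3 ]; then build_pem "$@"; fi
```

With the file names from the last answer, the key argument would be the `2019.key` file under '/usr/local/zevenet/config/'; the certificate and chain file names depend on what the CA's ZIP contains.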