Convert pfx to pem

Rather than use the certificate creation tools on Linux for web servers, I find it quicker and less error-prone to create the certificate on Windows and then convert it to pem format on the Linux server. This is particularly useful for internal certificates…

So, create the certificate on Windows and export it as a pfx file, noting the password that you used

Copy the pfx file onto the Linux box

Create the pem

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.pem

Create the key file

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificatekeypass.key

To enable the key file to be used without entering a password (useful for a web server…), remove the password

openssl rsa -in certificatekeypass.key -out certificatekey.key

You can now use certificate.pem and certificatekey.key in the web server configuration
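The same conversion as one shell function, as an added example that is not part of the original post. It writes the files with owner-only permissions and checks that the extracted key matches the certificate before it is deployed. The function name pfx_to_pem and the PFX_PASS variable are hypothetical names chosen for this example.

```shell
# Added example: hypothetical helper, not from the original post.
# Usage: PFX_PASS='export password' pfx_to_pem certificate.pfx ./out
# The export password is read from the PFX_PASS environment variable so
# that it does not appear on the command line.
pfx_to_pem() {
    pfx=$1
    outdir=$2
    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 2; }
    [ -n "${PFX_PASS+x}" ] || { echo "PFX_PASS is not set" >&2; return 2; }

    (
        # openssl's env: password source needs the variable exported.
        export PFX_PASS
        # -nodes writes the private key unencrypted, so make every file
        # created below readable by its owner only.
        umask 077
        mkdir -p "$outdir" || exit 2

        # Same extraction commands as in the steps above.
        openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
            -out "$outdir/certificate.pem" || exit 3
        openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS \
            -out "$outdir/certificatekey.key" || exit 3

        # Confirm the certificate and key belong together by comparing
        # the public key derived from each of them.
        cert_pub=$(openssl x509 -in "$outdir/certificate.pem" -noout -pubkey) || exit 4
        key_pub=$(openssl pkey -in "$outdir/certificatekey.key" -pubout) || exit 4
        [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; exit 4; }
    )
}
```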

To use crt files instead of pem files

Export the certificate

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.crt

Create the key file

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificatekeypass.key

To enable the key file to be used without entering a password (useful for a web server…), remove the password

openssl rsa -in certificatekeypass.key -out certificatekey.key

Building HAProxy from GIT on Ubuntu 12.04

Start with a base install of Ubuntu 12 with openssh installed

As HAProxy will be built from source, there are some prerequisites to install

sudo apt-get install build-essential libssl-dev libpopt-dev git libpcre3-dev

Now get the haproxy source and build it

git clone http://git.1wt.eu/git/haproxy.git/ haproxy
cd haproxy
make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
sudo make install

Link it from /usr/local/sbin to /usr/sbin

sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

Create the directory to use

sudo mkdir /usr/share/haproxy

Now configure HAProxy to start automatically. Create the init file as per the attached file init.d.haproxy.txt

sudo nano /etc/init.d/haproxy

Make it executable

sudo chmod +x /etc/init.d/haproxy

Now set the runlevels

sudo update-rc.d haproxy defaults

Now create the file that enables it

sudo nano /etc/default/haproxy
# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
# Add extra flags here.
#EXTRAOPTS="-de -m 16"

Add a haproxy user

sudo adduser --system haproxy

Copy the rest of the files into place

sudo mkdir /etc/haproxy
sudo mkdir /etc/haproxy/errors
sudo cp ~/haproxy/examples/errorfiles/* /etc/haproxy/errors

The build can be updated with

cd ~/haproxy
git pull
make clean
make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
sudo make install

Then restart haproxy to use the updated version

sudo service haproxy restart