cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Self-signed and 3rd party SSL certificate installation in CMX 10.2.x

3048
Views
20
Helpful
0
Comments

Introduction

This document describes the installation of self-signed and 3rd party signed certificates in CMX 10.2.x.

Installing a self-signed certificate

[cmxadmin@cmx]$ su -
Password:
[root@cmx]# cd /opt/haproxy/ssl/
[root@cmx]# mkdir newcert
[root@cmx]# cd newcert
[root@cmx newcert]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/haproxy/ssl/newcert/private.key -out /opt/haproxy/ssl/newcert/cert.crt
Generating a 2048 bit RSA private key
....................................................................+++
.......................................................+++
writing new private key to '/opt/haproxy/ssl/newcert/private.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:BE
State or Province Name (full name) []:Brussels
Locality Name (eg, city) [Default City]:Brussels
Organization Name (eg, company) [Default Company Ltd]:Cisco
Organizational Unit Name (eg, section) []:TAC
Common Name (eg, your name or your server's hostname) []:cmx.example.com
Email Address []:cmx@example.com 
[root@cmx newcert_byserge]# ls
cert.crt  private.key
[root@cmx newcert_byserge]# cat cert.crt private.key | tee cert.pem
-----BEGIN CERTIFICATE-----
MIID8TCCAtmgAwIBAgIJAOWdn/1xqQKNMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
VQQGEwJCRTERMA8GA1UECAwIQnJ1c3NlbHMxETAPBgNVBAcMCEJydXNzZWxzMQ4w
DAYDVQQKDAVDaXNjbzEMMAoGA1UECwwDVEFDMRgwFgYDVQQDDA9zZXJnZWNhc0B0
ay5jb20xITAfBgkqhkiG9w0BCQEWEnN5YXNtaW5lQGNpc2NvLmNvbTAeFw0xNTEx
MjYxMDU0MzlaFw0xNjExMjUxMDU0MzlaMIGOMQswCQYDVQQGEwJCRTERMA8GA1UE
CAwIQnJ1c3NlbHMxETAPBgNVBAcMCEJydXNzZWxzMQ4wDAYDVQQKDAVDaXNjbzEM
MAoGA1UECwwDVEFDMRgwFgYDVQQDDA9zZXJnZWNhc0B0ay5jb20xITAfBgkqhkiG
9w0BCQEWEnN5YXNtaW5lQGNpc2NvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKOwDC5Y/dRCTSp8mnL40M0QXvrLjzsb2U9++oUsB+e7g0pYlTqp
PaPK9KEem17WhoYMqFJ4+AXvuRxsY8ElT/cEs0BfM38QDzDxc42X6TBe7eiFX+MH
WODwk3p3sGLbdVWckWViz99b3eMnPoRdlXPQhQS/LVZcCiNdoHQdwwyPQ321O7gF
x1FVHcjLpUE4FmqhvIttcPypwEMoq/3s1tOP3OiJkB9Doy7wrEF+bKHEi6b8N453
jwY7OQG7wLrKBRz7QFXxWWurxb3PBOtQohWJ16e2aABUDBq9Ata02BVxPaw+dfrC
XCq5Yc8mmDxqc+B7THOPdN9jLzhenMiRJrECAwEAAaNQME4wHQYDVR0OBBYEFGQu
ZDeZNoTENM4cO8NNzEdU421cMB8GA1UdIwQYMBaAFGQuZDeZNoTENM4cO8NNzEdU
421cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGL7U4Ls/3bj11dd
5O0IluEbxPF+SPId+C+dM7BWEf6deeby+b2KwjmsV0k9CFw9Hs0lqOen5LbnqtzN
3rDWqpkAiaXxKUR34oUONgdnjuCQZwRaTpzQmB0CzwGqu5JuoNSHNtvfOtTErKRH
oNt6ZlDt/poPTdoj2cUWFrPS7FTkre+lTmKXPORPYoq/vteYtjde5geW6dAV98CQ
3HL+FDeWGmQDSwnDQcnANUh88cR3HQge5hx5rLLof/xHExrkx/e19Jmw+ft92AC1
sbPb6dR/svR7Gl7jRyzoO4AMaqlZloHgiXq3Su8OqcV9MP6k3ArOkUjHzhGX+fLw
8wIsYX8=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjsAwuWP3UQk0q
fJpy+NDNEF76y487G9lPfvqFLAfnu4NKWJU6qT2jyvShHpte1oaGDKhSePgF77kc
bGPBJU/3BLNAXzN/EA8w8XONl+kwXu3ohV/jB1jg8JN6d7Bi23VVnJFlYs/fW93j
Jz6EXZVz0IUEvy1WXAojXaB0HcMMj0N9tTu4BcdRVR3Iy6VBOBZqobyLbXD8qcBD
KKv97NbTj9zoiZAfQ6Mu8KxBfmyhxIum/DeOd48GOzkBu8C6ygUc+0BV8Vlrq8W9
zwTrUKIVidentmgAVAwavQLWtNgVcT2sPnX6wlwquWHPJpg8anPge0xzj3TfYy84
XpzIkSaxAgMBAAECggEAYlO2fYDnuUG6qPMAtF/SzdwvseflulQYTjCwvJ6egQ2a
6GYd/ob7iBC6sq54Fpg3Zv7jfec81hQS1oglxDhtuK0SIHEPthwng/cGut+uLGhZ
8XttBiu7sCPT85VCV6AM88iBbq3UwQ+mUnWYkFrHFDMGNLvCuEXBsUzkvdvC9x+C
GvtXBLERJJmLbGh4kyEPFUiTYzXBOTsh+oRaZ5gh4YLicV6a5Cjwu8wm/xZlLwbZ
NKCD1RYxAZ7vxASU5Lagi72hIZM5r9kDlDj2zhzdPGo/+R5fIPN92UWjur9r5QM0
9+LU+qeTbjdNojOnYrckBStGySx2+r22FLkWBKcqIQKBgQDSibalRqpMxgZENBfo
RsgHP532AB7cufaDkjEV+vmLupExZ9yRRIwIrqZ7XYkdFRCHTCFt5zrzN8bz5nO5
OdigOZ1Ae7yACmwsSmyBACbNrcVpwE4gcckVzw/V2xT+c331rCEd2tzDivIC7Dr0
7s8D3J4zq+KwGEguCYXiPCUh3wKBgQDHCIH7as1RGQzizVQkN+rDvzo8+TjOHZSF
9BYXQqknCSYuT2d3bFqOdAhqxRL8zKn5qvUOSSr8TvLh4aowVR4ZSO0HMVCbjs1W
QZ9PLKKaVyz3Awqwv+UFF0SG7SROjJM8YSMI9qp1rgPY3jrotgZZ02I/TJ8wn9m2
NBsx5s1pbwKBgGf0FVm/7YBg2mE8s309zbA+ihkX8CUeMQi/2zq2JBcI9H3HgZG8
ncP/sDYDdhsE9pdHUM46ONI0fSiaZhNT65EZQXrAXc9+1fB8gtyjHYW6wlm32RuN
8zKwfWojdVc54Ty3U9aw5QYsCdjFmUqsy0xl1zs+KHy4UJNioleVSORTAoGAaA+5
rhLsID+hrh8+o+UceJXNxD1lhtaOZe71cdnniMJO1R2s8hKT0jE2iWRahhQXtrK8
h2iX8ezxLkqHadfG8d9gFkehZoOmNjf/LC0hIuL7XnaXq0vZWO0OZiEsv2jePk5n
O/ODsh12Y3flgvBQp7xOfNv5yzl4Ybwij9elhD8CgYAr1K7aM6YZnlHaIL0my37Y
cqYE5/EUaLSng33Rk65krS6k1xFKwRXbq0Nmzln7iWnWA5EMr5WWDKASqJ35niYm
9PIqda0jCDcjTBIbJ9SVmQ8E0I6A7WRrqDc9CLY2JjY8KnB1RC9sJ936AErcKiOj
cudhWiCshs6n9Tmfsw6LJQ==
-----END PRIVATE KEY-----

[root@cmx newcert]# ls
cert.crt  cert.pem  private.key
[root@cmx newcert]# cmxctl node sslmode enable --pem /opt/haproxy/ssl/newcert/cert.pem
enabling ssl
ssl enabled
[root@cmx newcert]#reboot

Installing a 3rd party signed certificate

Generate the certificate signing request.

[cmxadmin@cmx]$ su -
Password:
[root@cmx]# cd /opt/haproxy/ssl/
[root@cmx]# mkdir newcert
[root@cmx]# cd newcert

[root@cmx newcert]#openssl req -nodes -days 365 -newkey rsa:2048 -keyout /opt/haproxy/ssl/newcert/private.key -out /opt/haproxy/ssl/newcert/cert.crt

Get the certificate signed by the 3rd party CA.

Create the certificate chain for import into CMX.

Proper format for signed ssl Certificate:

-----BEGIN RSA PRIVATE KEY----- < Your Private Key
MIIEpAIBAAKCAQEA2gXgEo7ouyBfWwCktcYo8ABwFw3d0yG5rvZRHvS2b3FwFRw5
...snipped
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- < Your CMX server signed SSL certificate
MIIFEzCCAvugAwIBAgIBFzANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
...snipped
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- < Your intermediate CA certificates
...snipped
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- < The root CA certificate that signed your certificate above
MIIGqjCCBJKgAwIBAgIJAPj9p1QMdTgoMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
...snipped
-----END CERTIFICATE-----

Full example:

-----BEGIN RSA PRIVATE KEY-----

MIIEpAIBAAKCAQEAuRPbZqm6JlTR6FCvWF8PejHF+HpTTrwgypqty4mviw78gC2G
TGrIYdA2eErpj1UCYVc/0rm5OU68Qr0X2DUm1lukopXgTF3dWtg8FZ77sj8+RN8L
YAaHySHJc9tRF8QUDB8zyHryXSM/5aw1z1F+4DSMP5nVYoZroiM+WXhP3BYFvyHm
nBbgOKZ8Zmln0idJMu8qI53/HfH3pNsuFjR9sCh+jbIEpUh9Jt54jifcFFUY+7Xt
GJ7GVjyCsGKFHWx6EgrCOb4uqS1crEUjO9/vDlp6M559F1hMQRHkAY5sSFDq5qY+
XEPY7mopyQmNBRZxWgOogtQ2fsK1XFDZ4ZBW0QIDAQABAoIBAQCklWv+l+DaRYOF
PHsx8xcoayrKFL4QvmvKwFLdNcvNtb4FnnZXbn5TvX0y7CtXMxmyxowTMOXueH4i
O1YBBwNKjKSTkQSt5Kr8Jl8IOyFJGcSeKltLQYNu8YTcaqRqpgvN29GI7wyolrgz
3jjb7HUPnKs7w+lmfHMq9Hx1w/AAnm/Fb7/sXUww80cdfGFHlYfqBvC5FJKe3N/f
sg5Npjhaqrvs9bsd7MUKu5LjcdUN9nVWU604NWaMJHUQPoHmf3vwNND4l1YDbGS7
Aj8exOW4+2WKYz9c9Ry1qivkIgnneGUvaI3mR4Z0Rc+lJckie+UhfttHxz4DmO4M
pEw5wjIhAoGBAPEQfmDSme8Ur9V6zNaXtcaAL77JozNuSyEzpvSduUf4HLTJBY34
U4V6AWyQR2koSZON2tBbuC8s/D2cas2A1htoD8fflL/dWefoJmNzOTyyjQNKepf0
NfEOvGKQdOpI/DG62ngxbT5zkUspV/qSxdQw9xZoYV7FkPrst+7kv8gLAoGBAMSL
XA7aVSkFmrBDsag6YNsmOaBp8geEAll/N3dazXulIHUCnpUpY//Cgeb+LBrKQmWA
Fuf5gcb7GR4oFmu4jaTpXvKz8eqnsNeDmzVKMoB31wd9QTrYMc+SBuyX3nHldRFF
CXU1UlAj/ujoMz+wYuyE/qtOISZ2FITkZQvjRjoTAoGBALa76QDeRB/uj4eFCeeV
ow5wt0CputPOxJbLf8CoGv5KPwBv7Yz789wXayLvj6JQDs4SVw9gp5LjR+YwPum+
ww6NaID7o9d5JKDd4tO6UWYId0pKV/n9/jHYGMeid23tm3bbDKbV2NjhY/8UvQNN
5TZ/U54hy8W6f7cmYBtwPUyXAoGAC1bS79Ru11gIbaTqKf98OQiCiJu0J/TYwdsS
EyO8+SY0sit9hLOHnmjVX8NIPh9vJzX1nFqLvzQbZd8ANCTInzwLi0sQaO5VyIlC
OhfWxAyl7juuuLtiXExbc+jrH30SfPWTrxxtbEw3V66VzlXZzzV5D98JEJP9aRFY
NxBcq9sCgYBSIZfEKW9DTuPAHfYLToQpDRLM/1sT2Kg9CcASHlj4jmV+7CfJggKY
TQnshZuvArjlYlUCjrSubwt6FYmP+O6hbnHEBHo6RTCc2qnvS7J+GGk8C/CH/iTO
PbXaW7rcUuX6hEFdZQQ8OOJBstnKjZn2sI+OIX+VBrqnDOYWlFwlEA==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFEjCCAvqgAwIBAgIBGDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAk5DMQwwCgYDVQQHEwNSVFAxHDAaBgNVBAoTE0Npc2NvIFN5c3Rl
bXMsIEluYy4xDDAKBgNVBAsTA1RBQzEbMBkGA1UEAxMSbGludXhsYWIuY2lzY28u
Y29tMSEwHwYJKoZIhvcNAQkBFhJzc2NobWlkdEBjaXNjby5jb20wHhcNMTYwNTA1
MTQ0MDAxWhcNMTcwNTA1MTQ0MDAxWjCBhjELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
Ak5DMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANUQUMx
GzAZBgNVBAMMEmxhdWdodGVyLmNpc2NvLmNvbTEhMB8GCSqGSIb3DQEJARYScmFt
a3JpczJAY2lzY28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
uRPbZqm6JlTR6FCvWF8PejHF+HpTTrwgypqty4mviw78gC2GTGrIYdA2eErpj1UC
YVc/0rm5OU68Qr0X2DUm1lukopXgTF3dWtg8FZ77sj8+RN8LYAaHySHJc9tRF8QU
DB8zyHryXSM/5aw1z1F+4DSMP5nVYoZroiM+WXhP3BYFvyHmnBbgOKZ8Zmln0idJ
Mu8qI53/HfH3pNsuFjR9sCh+jbIEpUh9Jt54jifcFFUY+7XtGJ7GVjyCsGKFHWx6
EgrCOb4uqS1crEUjO9/vDlp6M559F1hMQRHkAY5sSFDq5qY+XEPY7mopyQmNBRZx
WgOogtQ2fsK1XFDZ4ZBW0QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUeKxp
ACe19Jpz6QuXGALJik41DjcwHwYDVR0jBBgwFoAUUPGERegtBFb+1WJ+1ZLqRpWK
G84wDQYJKoZIhvcNAQELBQADggIBAJzykVSWLvNuFk/Q1PRFU7pdX5z8g5KOaQjo
4erSl48m1WoM7vJNXjqqHD6JdcOMINGeuxElI1Vd7prpARhE+Qj7xSMfDMilzSFy
mKVpTNQzT/9yHytAycVsvbGYJDh8R3jTpxJXWPBcvErE8OuaxkCbePNzQD56KqFC
Sjibw2GgwLJa8GaHZdL0lGQ9djDfsQwriqvphBX9Dkd9qeMPnxYCXVsE4SsbLUWC
n0tasfJ4pcrgRqEi6OBw8zh3twcy6vEBJvp0tA3/z3yPdvG0sZ5x5WCTCCOmLvUE
BswbZusCMQFCHg14wbEoNo/I3GDoqRHzw1j0hA887r4AWnMOeXjkHjA7YxtrSzJ4
cQL5WEXj8di6UqwQA+dNBCLv488huLFEcEL8YjMLV4Z6nfaXzNF2FLJZByaD4/sP
TcZ2BkKS53YKKE7LUaIbUH3ymdfejQuIVabtBnc/of5bw7WODlyBZIhd4MW3eFJK
puoXXxp0xqmS3/VMnefyaVqBz3eV4KXkg0Z6w6KbCXst9aTP+NtSGEBeXgM36TvR
2SIVCwKH/RlDQp+vk1QykQdj6JSMJUrl6fdRAtpAZssMGIT2KsreRVnJ8ig7VAKp
17ES4FZ/7rg87GoUYfmAl+AhvZCCu2SjJBdW6/IO1rHHkB+1UkU+yswY85Ccq7Wj
+9TmdHX8
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGqjCCBJKgAwIBAgIJAPj9p1QMdTgoMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCTkMxDDAKBgNVBAcTA1JUUDEcMBoGA1UEChMTQ2lz
Y28gU3lzdGVtcywgSW5jLjEMMAoGA1UECxMDVEFDMRswGQYDVQQDExJsaW51eGxh
Yi5jaXNjby5jb20xITAfBgkqhkiG9w0BCQEWEnNzY2htaWR0QGNpc2NvLmNvbTAe
Fw0xNjA1MDUxMzQ5MTlaFw0zNjA0MzAxMzQ5MTlaMIGUMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCTkMxDDAKBgNVBAcTA1JUUDEcMBoGA1UEChMTQ2lzY28gU3lzdGVt
cywgSW5jLjEMMAoGA1UECxMDVEFDMRswGQYDVQQDExJsaW51eGxhYi5jaXNjby5j
b20xITAfBgkqhkiG9w0BCQEWEnNzY2htaWR0QGNpc2NvLmNvbTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBALDXzffE4YyvCakwDop2gKcfOAOgn96hzbVC
OvVGDNwYE/070u9Rh8Tf4yCX8tknrkN2QnqZVarWgUPYvc0zSVqXiT6bxWkuvGYL
nO+PiXFKAFMlF+BjF0L8Fdm0B+ZowSUlrFwLCX7yOsemn62NfwVHo0MUImJoglF0
JW+8pJrxrfoWG78AgRUsKFi5R4IuTPWV1PSWiD1nDEEkxn1JKNmwtnNC7iAUHWMs
gKK64VBpoSTNWpiyHCD0B4Col2x+R9NNWOQ9X7NnMhtR16AYKm60ElkMYvP1Zjrl
aZFfzkZXLmsxluxjbU9mv4lUhGzeJxbcBUPuvLbM6WoOYp6/lYoSdd5PtfX9Ixim
7zO/uL7w2vyI4+kJYm7HHtFVHuhEcWEhyEdW0JcvT61L68F/iB79WezJd0VbPCel
gFSJFhx5F2jhyYlZq2bbjOdzf0RC+U053W+xfqQUTt17BDnb6n+UvPSDfwDpnKMH
RbZlis0nC7YfqscDnrpBETRPNvNfRsQznoBgqqPWrfJ/RVU+CnjxZB+SiEWhV2ei
Wla6P8iB+MmMBYoHXbk1pBf0BkZEXd2uGk74o7a3rj1MAlzdppoGYAW2hfvYYqNW
kDGOgkHLf1KzawB9gaiWNHo6UujaHZNi/jKL6FQlor+HQ/EggWtflTLl1YBTz4cB
iNlK3wQ7AgMBAAGjgfwwgfkwHQYDVR0OBBYEFFDxhEXoLQRW/tViftWS6kaVihvO
MIHJBgNVHSMEgcEwgb6AFFDxhEXoLQRW/tViftWS6kaVihvOoYGapIGXMIGUMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCTkMxDDAKBgNVBAcTA1JUUDEcMBoGA1UEChMT
Q2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECxMDVEFDMRswGQYDVQQDExJsaW51
eGxhYi5jaXNjby5jb20xITAfBgkqhkiG9w0BCQEWEnNzY2htaWR0QGNpc2NvLmNv
bYIJAPj9p1QMdTgoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAD0R
CmpKKygd3oRip8NaRssHYndwm6t3Add4+BM/wZ5TbNi5POg5JZIDgV2qT6elJIux
dLTTCJcHaoeITWW/CTpYrve+Q3NAPTImmXTX2swN7zVX3GXNoBQWhIuZh4A9YMVb
tAST3O7qCQq+6NU1LKBjTdnc6qw/VLe2WD9vvhDcq+i5HyHJWJqsTcO8iU8fyTGv
Q1i8MFZ7VPgnr2RGaIki8yCsFG+bSKuiVQgylnQLMKSkqCtWww+eBj1bPr/MecgC
1bO5OJ+id08UalM6KhlRQYY9o5q7lkRIFVgUvHyhsNdvmwSa15kpWLeKqsNrFt5A
jipNPJW4Cf2HLutZZZGGIDNc9kQlD7XyPXlV41n/4uoYuKjea6RgcJYR/lFh0rTo
nUp3LbZkpRQksWrhKfO7BoFOif7s9Ko6YDuOu2o/dzU1XUf937ovNmGqvOPRPrV2
5cUrQKEXeTsGbuxvvxkEFv39BZsefc0tiSMRkpN84FOBoYUkc0zioiURQa8gs6Eo
w5CuB/DH65uxQ2yowV4KVktHA5az5j0ZUoayLX0vOktr54g+z3+li+QN2yfTiOOS
zvz4k6Ylu4ySosg4BdWVmPXbLLkTpb+AEHpK+IZF6I6qMVPU5wz6VMAVKhilaEkN
o1d/c05RYSTy8/SlROa4ms68xqCpQIdaWg10VIDQ
-----END CERTIFICATE-----

Installation procedure:

Step:1 

Login to the CMX cli as cmxadmin and then root.

[cmxadmin@cmx]$ su -

Password:
[root@cmx ~]#

Step:2 

Make a directory on CMX to hold the new certificate:

[root@cmx ~]#mkdir /opt/haproxy/ssl/newcert/

Copy your properly formatted signed certificate to this directory. Example below is called localhost.pem.

Step:3

On CMX use openssl verify to make sure that everything is properly built:

[root@cmx newcert]#cd /opt/haproxy/ssl/newcert

[root@cmx newcert]#openssl verify -CAfile /opt/haproxy/ssl/newcert/localhost.pem /opt/haproxy/ssl/newcert/localhost.pem

/opt/haproxy/ssl/newcert/localhost.pem: OK <--- should get OK

Instructions for CMX build 324: (10.2.2 beta) or 10.2.2 CCO and later:

[root@cmx newcert]#cmxctl node sslmode enable --pem /opt/haproxy/ssl/newcert/localhost.pem
enabling ssl
ssl enabled

 [root@cmx newcert]#reboot

 

Note:

In CMX 10.2.1-219 there is a bug that will not allow the install to work properly.

CSCux30499 Need exact steps in the config guide for certificates

The issue will be fixed in CMX 10.2.2 which will be out May 2016.  If there is a business need to continue with CMX 10.2.1-219 please contact the TAC for the workaround.

Content for Community-Ad