2025-01-28 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/03
This article shows how to deploy a public network certificate on a load balancer built from Keepalived and HAProxy, and we hope it helps in practical use. Load balancing covers a lot of ground and the theory is well covered in books and online, so this walkthrough sticks to the steps accumulated from experience in the field.
The two nodes are:
241-HaproxyKA01
242-HaproxyKA02
Both nodes get the same configuration.
// 0. Delete old files
// Delete the old certificates:
ll certificates/
rm -f certificates/*.*    // Delete all
ll certificates/
// Delete a certificate
ll /etc/ssl/certs/
rm -f /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem    // Delete this file
ll /etc/ssl/certs/
// 1. Download the CA certificate (root certificate)
root_i-x-Cloud.cer
Upload it to /root/
ls *.cer -l
mv *.cer certificates/
cd certificates
ll
[root@241-HaproxyKA01 ~]# ll
total 1660
-rw-------. 1 root root 1030 Dec 13 2015 anaconda-ks.cfg
drwxr-xr-x 2 root root 6 Feb 24 17:18 certificates
drwxrwxr-x 9 root root 4096 Oct 6 2016 haproxy-1.5.4
-rw-r--r-- 1 root root 1336140 May 12 2016 haproxy-1.5.4.tar.gz
drwxr-xr-x 7 1000 1000 4096 Oct 7 2016 keepalived-1.2.13
-rw-r--r-- 1 root root 341956 May 13 2014 keepalived-1.2.13.tar.gz
-rw-r--r-- 1 root root 1174 Feb 24 16:02 root_i_x_Cloud.cer
[root@241-HaproxyKA01 ~]# mv *.cer certificates/
[root@241-HaproxyKA01 ~]# cd certificates/
[root@241-HaproxyKA01 certificates]# ll
total 4
-rw-r--r-- 1 root root 1174 Feb 24 16:02 root_i_x_Cloud.cer
// 2. Convert cer to pem (root certificate)
openssl x509 -in root_i-x-Cloud.cer -inform der -outform pem -out root_i-x-Cloud.pem
ll
[root@241-HaproxyKA01 certificates]# openssl x509 -in root_i-x-Cloud.cer -inform der -outform pem -out root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]# ll
total 8
-rw-r--r-- 1 root root 1174 Feb 24 16:02 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1647 Feb 24 17:21 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 3. Regenerate the hash links
[root@241-HaproxyKA01 certificates]# c_rehash .
Doing .
root_i-x-Cloud.pem => 2e5ac55d.0
[root@241-HaproxyKA01 certificates]# ll
total 8
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]# ll /etc/pki/tls/certs/
total 12
lrwxrwxrwx 1 root root 49 May 10 2016 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx 1 root root 55 May 10 2016 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x 1 root root 610 May 9 2016 make-dummy-cert
-rw-r--r-- 1 root root 2388 May 9 2016 Makefile
-rwxr-xr-x 1 root root 829 May 9 2016 renew-dummy-cert
[root@241-HaproxyKA01 certificates]#
// 4. Export the certificate (set password: Aa123456)    // the password cannot be 1.
i-x-Cloud.com.pfx
Upload the certificate to /root/certificates/
[root@241-HaproxyKA01 certificates]# ll
total 12
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 3869 Feb 28 22:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 5. Convert pfx to pem
openssl pkcs12 -in i-x-Cloud.com.pfx -nocerts -out exchange_private_key_passwordprotected.pem
Aa123456
[root@241-HaproxyKA01 certificates]# ll
total 12
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 3869 Feb 28 22:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]# openssl pkcs12 -in i-x-Cloud.com.pfx -nocerts -out exchange_private_key_passwordprotected.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
[root@241-HaproxyKA01 certificates]# ll
total 16
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem
-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 6. Remove password protection
openssl rsa -in exchange_private_key_passwordprotected.pem -out exchange_private_key_nopassword.pem
[root@241-HaproxyKA01 certificates]# openssl rsa -in exchange_private_key_passwordprotected.pem -out exchange_private_key_nopassword.pem
Enter pass phrase for exchange_private_key_passwordprotected.pem:
writing RSA key
[root@241-HaproxyKA01 certificates]# ll
total 20
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem
-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem
-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 7. Extract the certificate from the pfx file (the import password must be provided).
openssl pkcs12 -in i-x-Cloud.com.pfx -clcerts -nokeys -out exchange_certificate.pem
ll
[root@241-HaproxyKA01 certificates]# openssl pkcs12 -in i-x-Cloud.com.pfx -clcerts -nokeys -out exchange_certificate.pem
Enter Import Password:
MAC verified OK
[root@241-HaproxyKA01 certificates]# ll
total 24
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 3040 Mar 1 20:38 exchange_certificate.pem
-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem
-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem
-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 8. Generate exchange_certificate_and_key_nopassword.pem by combining exchange_certificate.pem and exchange_private_key_nopassword.pem.
cat exchange_certificate.pem exchange_private_key_nopassword.pem > exchange_certificate_and_key_nopassword.pem
ll
[root@241-HaproxyKA01 certificates]# cat exchange_certificate.pem exchange_private_key_nopassword.pem > exchange_certificate_and_key_nopassword.pem
[root@241-HaproxyKA01 certificates]# ll
total 32
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 4719 Mar 1 20:40 exchange_certificate_and_key_nopassword.pem
-rw-r--r-- 1 root root 3040 Mar 1 20:38 exchange_certificate.pem
-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem
-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem
-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 9. Copy to the target folder
ll /etc/ssl/certs/
rm -f /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
mv exchange_certificate_and_key_nopassword.pem /etc/ssl/certs/
ll /etc/ssl/certs/
ll
[root@241-HaproxyKA01 certificates]# ll /etc/ssl/certs/
total 12
lrwxrwxrwx 1 root root 49 May 10 2016 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx 1 root root 55 May 10 2016 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x 1 root root 610 May 9 2016 make-dummy-cert
-rw-r--r-- 1 root root 2388 May 9 2016 Makefile
-rwxr-xr-x 1 root root 829 May 9 2016 renew-dummy-cert
[root@241-HaproxyKA01 certificates]# mv exchange_certificate_and_key_nopassword.pem /etc/ssl/certs/
[root@241-HaproxyKA01 certificates]# ll /etc/ssl/certs/
total 20
lrwxrwxrwx 1 root root 49 May 10 2016 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx 1 root root 55 May 10 2016 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- 1 root root 4719 Mar 1 20:40 exchange_certificate_and_key_nopassword.pem
-rwxr-xr-x 1 root root 610 May 9 2016 make-dummy-cert
-rw-r--r-- 1 root root 2388 May 9 2016 Makefile
-rwxr-xr-x 1 root root 829 May 9 2016 renew-dummy-cert
[root@241-HaproxyKA01 certificates]# ll
total 24
lrwxrwxrwx 1 root root 18 Mar 1 20:23 2e5ac55d.0 -> root_i-x-Cloud.pem
-rw-r--r-- 1 root root 3040 Mar 1 20:38 exchange_certificate.pem
-rw-r--r-- 1 root root 1679 Mar 1 20:36 exchange_private_key_nopassword.pem
-rw-r--r-- 1 root root 2088 Mar 1 20:34 exchange_private_key_passwordprotected.pem
-rw-r--r-- 1 root root 3913 Mar 1 20:33 i-x-Cloud.com.pfx
-rw-r--r-- 1 root root 846 Mar 1 12:48 root_i-x-Cloud.cer
-rw-r--r-- 1 root root 1200 Mar 1 20:19 root_i-x-Cloud.pem
[root@241-HaproxyKA01 certificates]#
// 10. Test
[root@241-HaproxyKA01 ~]# ip a | grep "inet 10"
    inet 10.1.1.241/24 brd 10.1.1.255 scope global eth0
    inet 10.1.1.135/32 scope global eth0
    inet 10.1.1.150/32 scope global eth0
    inet 10.1.1.120/32 scope global eth0
[root@241-HaproxyKA01 ~]#
[root@242-HaproxyKA02 ~]# ip a | grep "inet 10"
    inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0
[root@242-HaproxyKA02 ~]#
[root@241-HaproxyKA01 ~]# ip a | grep "inet 10"
    inet 10.1.1.241/24 brd 10.1.1.255 scope global eth0
[root@241-HaproxyKA01 ~]#
[root@242-HaproxyKA02 ~]# ip a | grep "inet 10"
    inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0
[root@242-HaproxyKA02 ~]# ip a | grep "inet 10"
    inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0
    inet 10.1.1.135/32 scope global eth0
    inet 10.1.1.150/32 scope global eth0
    inet 10.1.1.120/32 scope global eth0
[root@242-HaproxyKA02 ~]#
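Steps 5 to 9 above collapsed into one non-interactive function, as an added example that is not part of the original article: it reads the PFX password from an environment variable (the name PFX_PASS is an assumption), checks that the extracted certificate and private key share the same public key, and writes the combined PEM with mode 0600 rather than the world-readable -rw-r--r-- shown in the listings. The sample PFX, its CN and its password are constructed so the script runs offline; the function and helper names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article. PFX_PASS is an assumed variable name.

# Constructed sample input: a throwaway self-signed cert and key packed into a PFX.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=lb.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/sample.key" -in "$1/sample.crt" \
        -passout env:PFX_PASS -out "$1/sample.pfx"
}

# pfx_to_haproxy_pem <in.pfx> <out.pem>
# Extract cert and key, confirm they belong together, install the bundle as 0600.
pfx_to_haproxy_pem() {
    work=$(mktemp -d) || return 1
    (
        umask 077    # every file created below is readable by the owner only
        openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS \
            -out "$work/cert.pem" 2>/dev/null || exit 1
        # -nodes writes the key unencrypted (spelled -noenc in OpenSSL 3.x)
        openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS \
            -out "$work/key.pem" 2>/dev/null || exit 1
        # The certificate's public key must equal the one derived from the private key.
        cert_pub=$(openssl x509 -in "$work/cert.pem" -noout -pubkey) || exit 1
        key_pub=$(openssl pkey -in "$work/key.pem" -pubout) || exit 1
        [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || exit 1
        cat "$work/cert.pem" "$work/key.pem" > "$work/bundle.pem" || exit 1
        mv -f "$work/bundle.pem" "$2"    # mv keeps the 0600 mode
    )
    rc=$?
    rm -rf "$work"    # no unencrypted key copy is left behind
    return $rc
}

# File mode in octal (GNU stat first, BSD stat as fallback).
file_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Demo on the constructed sample; the password is constructed too.
demo_dir=$(mktemp -d)
export PFX_PASS='constructed-demo-pass'
make_sample_pfx "$demo_dir" &&
pfx_to_haproxy_pem "$demo_dir/sample.pfx" "$demo_dir/haproxy.pem" &&
echo "bundle written with mode $(file_mode "$demo_dir/haproxy.pem")"
rm -rf "$demo_dir"
```

On the load balancer the second argument would be the path used in step 9, /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem, and the function has to be run on both nodes.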