Add CA certifice from Let’s Encrypt to Java 8

For add cert to Java 8 you need use keytool

cd /tmp/ && \
curl -O https://letsencrypt.org/certs/letsencryptauthorityx1.der && \
sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias letsencryptauthorityx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -file  letsencryptauthorityx1.der  -storepass changeit && \
curl -O https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der && \
sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias lets-encrypt-x3-cross-signed -keystore $JAVA_HOME/jre/lib/security/cacerts -file lets-encrypt-x3-cross-signed.der -storepass changeit

Читать далее Add CA certifice from Let’s Encrypt to Java 8

Certificate order in Haproxy PEM file

For SSL in Haproxy you need to create PEM-file and put cert plus private key. But in right order

-----BEGIN MY CERTIFICATE-----
-----END MY CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Show information of certificate

Run this command if you want get SSL certificate info from bash

openssl x509 -in certificate-1.crt -noout -text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux