Just add following lines to vhost.conf SSLEngine on SSLProtocol TLSv1.2 TLSv1.1 SSLProxyProtocol TLSv1.2 TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25
For add cert to Java 8 you need use keytool cd /tmp/ && \ curl -O https://letsencrypt.org/certs/letsencryptauthorityx1.der && \ sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias letsencryptauthorityx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -file letsencryptauthorityx1.der -storepass changeit && \ curl -O https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der && \ sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias lets-encrypt-x3-cross-signed -keystore $JAVA_HOME/jre/lib/security/cacerts -file lets-encrypt-x3-cross-signed.der -storepass changeitcd /tmp/ && \ curl -O https://letsencrypt.org/certs/letsencryptauthorityx1.der && \ sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias letsencryptauthorityx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -file letsencryptauthorityx1.der -storepass changeit && \ curl -O https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der && \ sudo $JAVA_HOME/bin/keytool -noprompt…
For SSL in Haproxy you need to create PEM-file and put cert plus private key. But in right order —–BEGIN MY CERTIFICATE—– —–END MY CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN ROOT CERTIFICATE—– —–END ROOT CERTIFICATE—– —–BEGIN RSA PRIVATE KEY—– —–END RSA PRIVATE KEY———-BEGIN MY CERTIFICATE—– —–END MY CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN ROOT CERTIFICATE—– —–END ROOT CERTIFICATE—– —–BEGIN RSA PRIVATE KEY—– —–END RSA…
Run this command if you want get SSL certificate info from bash openssl x509 -in certificate-1.crt -noout -text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_auxopenssl x509 -in certificate-1.crt -noout -text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux
Оставлю эту картинку тут Источник И небольшая презентация http://www.whd.global/downloads/2014/sStag1d1.pdf