background

Documentation

back to Balancer

SSL certificate errors

The Snapt Balancer uses a PEM file format for SSL certificates. This file is a combination of a private key (.key), the certificate (.crt) and any intermediary certificates that you need (.crt).

Typically it looks like this:

-----BEGIN RSA PRIVATE KEY-----
(REQUIRED: Your Private Key: website.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(REQUIRED: Your Primary SSL certificate: website.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(OPTIONALLY: Your Intermediate certificate: NetworkSolutions_CA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(OPTIONALLY: Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

It is important that the key has no password on it, or the Balancer will not start!


Diagnosing Problems

Typically if you have an issue with SSL in the Balancer it is a bad PEM file, or a lack of intermediaries if it does not show as a valid certificate.

Outside of that you may find other complications, which we list here.


Redhat SELinux issue

SELinux can block Snapt from loading the PEM at start. If you receive this error you may have the problem:

unable to load SSL private key from PEM file

In that case please run the following command and test again:

setenforce 0

Inconsistencies

If you receive the following error it is indicating your private key (.key) does not match your certificate (.crt).

inconsistencies between private key and certificate loaded from PEM file '/var/snapt/certs/CERTNAME.pem'.

Most likely this is a copy/paste error where you have an old key or the wrong certificate.

Documentation

Go back to the main documentation portal?