
I'm trying to use client certificate verification in an OpsWorks HAProxy instance. The question I'm running into, and it's probably a noob issue, is how am I supposed to deploy my SSL private key to the instance without overexposing it?

The private key can be set in an Elastic Load Balancer instance, but that does not support setting a client certificate.

It's also possible to set the key in an OpsWorks App definition, but that doesn't seem to be an option for the HAProxy instance.

How is the responsible deployment of SSL keys in OpsWorks normally accomplished?

Chris

1 Answer

Assuming you're looking to bypass the ELB completely and handle all SSL termination on your HAProxy instance... You could do this with a custom Chef cookbook and file upload, or pull this down from an S3 bucket with privileges set accordingly, or a shell script that pulls down from a secure location. All three of these are under the assumption that you're using some mechanism to kick off a process locally and write/configure/execute the setting of the cert.

J. Lawson
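
A sketch of the S3 variant from the answer above, as an added example that is not part of the original answer. The bucket name, prefix and file paths are hypothetical, and it assumes the instance's IAM role is allowed `s3:GetObject` on just those two objects and that the AWS CLI is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Bucket, prefix and paths are
# hypothetical; the instance profile is assumed to allow s3:GetObject on them.
set -eu

BUCKET="${BUCKET:-example-secrets-bucket}"
PREFIX="${PREFIX:-haproxy}"
PEM_DEST="${PEM_DEST:-/etc/haproxy/certs/site.pem}"

# Read a secret on stdin and install it at $1 with mode 0600.
# The temp file is created owner-only in the destination directory, so the
# key is never world-readable and the final rename is atomic.
install_secret() (
  dest="$1"
  umask 077
  tmp="$(mktemp "${dest}.XXXXXX")"
  if cat > "$tmp" && [ -s "$tmp" ]; then
    chmod 600 "$tmp" && mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    echo "refusing to install empty secret: $dest" >&2
    exit 1
  fi
)

# Fetch certificate and key with the instance role (no static credentials on
# disk) and join them into the single PEM file HAProxy's "crt" option reads.
fetch_haproxy_pem() (
  umask 077
  work="$(mktemp -d)"          # private scratch directory
  status=0
  aws s3 cp --only-show-errors "s3://${BUCKET}/${PREFIX}/site.crt" "$work/crt" &&
    aws s3 cp --only-show-errors "s3://${BUCKET}/${PREFIX}/site.key" "$work/key" &&
    cat "$work/crt" "$work/key" | install_secret "$PEM_DEST" || status=$?
  rm -rf "$work"               # remove the scratch copy of the key either way
  exit "$status"
)

# Only touch the network when explicitly asked to: ./fetch-pem.sh deploy
if [ "${1:-}" = "deploy" ]; then
  fetch_haproxy_pem
fi
```

A custom Chef recipe can run the same script with an `execute` resource during setup, so the key never has to live in the cookbook repository or in the stack's custom JSON.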