I'm trying to use client certificate verification in an OpsWorks HAProxy instance. The question I'm running into, and it's probably a noob issue, is how am I supposed to deploy my ssl private key to the instance without overexposing it?
The private key can be set in an Elastic Load Balancer instance, but that does not support setting a client certificate.
It's also possible to set the key in an OpsWorks App definition, but that doesn't seem to be an option for the HAProxy instance.
How is the responsible deployment of ssl keys in OpsWorks normally accomplished?