I'm trying very hard to get away from a set of Kemp Loadmasters that I bought years ago to provide HA access to our website. Part of that process is going to be putting the key and certificate in the new solution (HAproxy with nginx doing SSL). Unfortunately, I've come up against a problem...
The Kemp has built-in certificate management, and it generates CSR's at the touch of a button. It also supported importing of signed certificates, however it does not, so far as I can tell, allow any kind of export of the key itself.
There is a "backup key and certificates" ability, however here's the text from the manual:
LoadMaster supports exporting of ALL certificate information.
This includes private key, host and intermediate certificates.
The export file is designed to be used for import into another
LoadMaster and is encrypted. Export and import can be completed
using the WUI at Certificates -> Backup/Restore Certs. Please
make sure to note the pass phrase used to create the export, it
will be required to complete the import.
You can selectively resort only Virtual Service certificates
including private keys, intermediate certificates or both.
Well, that is great, but as for actually DEALING with the certs, I'm apparently out of luck.
Of course, I'm not going to give up that easily. I ran "file" on the saved cert bundle and got this:
$ file client1.certs.backup
client1.certs.backup: gzip compressed data, from Unix
Well, awesome, I thought. Maybe it's just a .tar.gz, so I unzipped it, and that went fine, but my attempts to untar it didn't work, and running "file" on it now just gives this:
$ file client1.certs.backup
client1.certs.backup: data
So that's where I'm stuck. Anyone have experience with these?