# Cannot load certificates with relayd



## mapcorp (Jan 7, 2012)

Hi,

I'm trying to configure relayd as a https relay for several http servers. My problem is that I can't get relayd to load my certificate files although they are in /etc/ssl and /etc/ssl/private. Is there any directive to explictly tell where the certs are?

Tests:

```
======== START TESTS ======

[root@lb1 /etc/ssl]# relayd -d -v
startup
/usr/local/etc/relayd.conf:104: cannot load certificates for relay wwwssl


[root@lb1 /etc/ssl]# ls -la /etc/ssl/private/
total 8
drwxr-xr-x  2 root  wheel  512 Jan  7 20:36 .
drwxr-xr-x  3 root  wheel  512 Jan  7 20:34 ..
-rw-r--r--  1 root  wheel  704 Jan  7 20:39 127.0.0.1.csr
-rw-------  1 root  wheel  963 Jan  7 20:38 127.0.0.1.key
[root@lb1 /etc/ssl]#
[root@lb1 /etc/ssl]#
[root@lb1 /etc/ssl]# ls -la /etc/ssl/
total 18
drwxr-xr-x   3 root  wheel   512 Jan  7 20:34 .
drwxr-xr-x  20 root  wheel  2048 Jan  7 19:24 ..
-rw-r--r--   1 root  wheel   952 Jan  7 20:40 127.0.0.1.crt
-rw-r--r--   1 root  wheel  9472 Feb 17  2011 openssl.cnf
drwxr-xr-x   2 root  wheel   512 Jan  7 20:36 private
```


Config file (relevant part) : 


```
[root@lb1 /etc/ssl]# cat /usr/local/etc/relayd.conf

ext_addr="127.0.0.1"
#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
http protocol httpssl {
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
        header change "Connection" to "close"

        # Various TCP performance options
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }

        ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
        ssl session cache disable
}

relay wwwssl {
        # Run as a SSL accelerator
        listen on $ext_addr port 443 ssl
        protocol httpssl

        # Forward to hosts in the webhosts table using a src/dst hash
        forward to <webhosts> port http mode loadbalance \
                check http "/" code 200
}

======== END TESTS ======
```

Thanks in advance,

Tom


----------

