Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Issue with HAproxy Intermediate certificate

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 587 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Solll
      last edited by

      Greetings,
      We are having an issue with Intermediate certificate and HAproxy, hope someone could give some light on it.
      Our current set is Pfsense-HAproxy-Cert-Manager using external CA. The external CA is using three chain certificates - one for server platforms verification and two for client verification of two different applications. One of the applications is using HAproxy for SSL offloading. We have imported Root Certificate and two Intermediate certificates - for client verification and for server verification, also the server client certificate was added with the key to Certificates. So far everything looks good - all have automatically added their chains, so the Root is chaining with the two intermediate certificates and the server intermediate is chaining with the application server client certificate. And here is the problem when we set the users to be verified by the Client-Intermediate-certificate their browser returns ERR_BAD_SSL_CLIENT_AUTH_CERT. A workaround is to verify the clients directly by the Root certificate, but here is the second issue, as the client is using two client certificates for different applications and they are both accepted by the Root, which is unwanted. Any ideas are welcome.
      Kind Regards,

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.