Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy ssl verify and Android/Chrome issue

    pfSense Packages
    2
    2
    871
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bzg
      last edited by

      Dear All,

      I've a strange issue with HAProxy serving HTTPS pages and phones with Android/Chrome. THe issue is the same as described in the following forum: https://stackoverflow.com/questions/19311094/certificate-issue-ssl-page-brings-up-you-need-to-set-a-lock-screen-pin-or-pass.

      Regarding to the documentation of HAProxy I need to set up the "verify" option to none:

      "verify [none|optional|required]
      This setting is only available when support for OpenSSL was built in. If set
      to 'none', client certificate is not requested. This is the default. In other
      cases, a client certificate is requested. If the client does not provide a
      certificate after the request and if 'verify' is set to 'required', then the
      handshake is aborted, while it would have succeeded if set to 'optional'. The
      certificate provided by the client is always verified using CAs from
      'ca-file' and optional CRLs from 'crl-file'. On verify failure the handshake
      is aborted, regardless of the 'verify' option, unless the error code exactly
      matches one of those listed with 'ca-ignore-err' or 'crt-ignore-err'."

      In the HAProxy package if I set the option "Allows clients without a certificate to connect." then in the config will appears the "SSL verify optional", but I need "SSL verify none". How can I do this?

      Kind Regards,
      bzg

      1 Reply Last reply Reply Quote 0
      • P
        PiBa
        last edited by

        https://redmine.pfsense.org/issues/8228#note-5

        "Leave all these options empty"

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.