Issue with HAProxy Intermediate certificate



  • Greetings,
    We are having an issue with an Intermediate certificate and HAProxy, and hope someone could shed some light on it.
    Our current setup is pfSense-HAProxy-Cert-Manager using an external CA. The external CA is using three chain certificates: one for server platforms verification and two for client verification of two different applications. One of the applications is using HAProxy for SSL offloading. We have imported the Root certificate and two Intermediate certificates, for client verification and for server verification; the server client certificate was also added with the key to Certificates. So far everything looks good: all have automatically added their chains, so the Root is chaining with the two Intermediate certificates and the server Intermediate is chaining with the application server client certificate. And here is the problem: when we set the users to be verified by the Client-Intermediate-certificate, their browser returns ERR_BAD_SSL_CLIENT_AUTH_CERT. A workaround is to verify the clients directly by the Root certificate, but here is the second issue: the client is using two client certificates for different applications and they are both accepted by the Root, which is unwanted. Any ideas are welcome.
    Kind Regards,