• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Issue with HAproxy Intermediate certificate

Scheduled Pinned Locked Moved Cache/Proxy
1 Posts 1 Posters 587 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    Solll
    last edited by Aug 21, 2018, 11:55 AM

    Greetings,
    We are having an issue with Intermediate certificate and HAproxy, hope someone could give some light on it.
    Our current set is Pfsense-HAproxy-Cert-Manager using external CA. The external CA is using three chain certificates - one for server platforms verification and two for client verification of two different applications. One of the applications is using HAproxy for SSL offloading. We have imported Root Certificate and two Intermediate certificates - for client verification and for server verification, also the server client certificate was added with the key to Certificates. So far everything looks good - all have automatically added their chains, so the Root is chaining with the two intermediate certificates and the server intermediate is chaining with the application server client certificate. And here is the problem when we set the users to be verified by the Client-Intermediate-certificate their browser returns ERR_BAD_SSL_CLIENT_AUTH_CERT. A workaround is to verify the clients directly by the Root certificate, but here is the second issue, as the client is using two client certificates for different applications and they are both accepted by the Root, which is unwanted. Any ideas are welcome.
    Kind Regards,

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received