haproxy error trying to set up SSL client cert auth "no such ACL: aclsystem_ssl_c_used"



  • I'm trying to set up client authentication via SSL client certificates with an internal CA created in pfsense with self-signed certs, which have been installed in the browser, both the CA and the client cert.

    SSL auth via certificate on the frontend is actually working: I have been asked for the certificate by the haproxy frontend and it has been recognized.

    The backend is just a forward to an http service on a machine over a VPN. I configured no other ACL on the backend, as I consider having the user SSL cert enough for accessing this service.

    I get a 503 with this setup.

    If I set up an ACL on the backend as well with "SSL Client certificate valid", I get this error:

    [ALERT] 239/060824 (16900) : parsing [/var/etc/haproxy_test/haproxy.cfg:84] : error detected while parsing switching rule : no such ACL : 'aclsystem_ssl_c_used'.
    [ALERT] 239/060824 (16900) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
    [ALERT] 239/060824 (16900) : Fatal errors found in configuration.

    aclsystem_ssl_c_used is an error that is mentioned only in the pfsense haproxy package on the internet, here:

    https://github.com/pfsense/pfsense-packages/blob/master/config/haproxy-devel/pkg/haproxy.inc

    What am I doing wrong? It seems like I shouldn't put the "SSL client certificate valid" on the backend as well as the frontend since it's already used; at least that's what I get from the name. I can't understand that code, but I want to authenticate users on the haproxy frontend and I need no other form of authentication or ACL besides that. How do I get that set up?

