Netgate Discussion Forum

    haproxy error trying to set up SSL client cert auth "no such ACL: aclsystem_ssl_c_used"

      nuclearstrength

      I'm trying to set up client authentication via SSL client certificates with an internal CA created in pfSense with self-signed certs, which have been installed on the browser, both the CA and the client cert.

      SSL auth via certificate on the frontend is actually working: I have been asked for the certificate by the haproxy frontend and it has been recognized.

      The backend is just a forward to an HTTP service on a machine over a VPN. I configured no other ACL on the backend, as I consider having the user SSL cert enough for accessing this service.

      I get a 503 with this setup.

      If I set up an ACL on the backend as well with "SSL Client certificate valid", I get this error:

      [ALERT] 239/060824 (16900) : parsing [/var/etc/haproxy_test/haproxy.cfg:84] : error detected while parsing switching rule : no such ACL : 'aclsystem_ssl_c_used'.
      [ALERT] 239/060824 (16900) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
      [ALERT] 239/060824 (16900) : Fatal errors found in configuration.

      aclsystem_ssl_c_used is an error that is mentioned only in the pfSense haproxy package on the internet, here:

      https://github.com/pfsense/pfsense-packages/blob/master/config/haproxy-devel/pkg/haproxy.inc

      What am I doing wrong? It seems like I shouldn't put the "SSL client certificate valid" on the backend as well as the frontend, since it's already used; at least that's what I get from the name. I can't understand that code, but I want to authenticate users on the haproxy frontend and I need no other form of authentication or ACL besides that. How do I get that set up?

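The alert quoted in the post is what haproxy raises when a `use_backend` switching rule names an ACL that is not declared in the same proxy section. As an added example (not part of the original post or of the pfSense package), this Python sketch scans a config for such references before it is loaded; the sample config, its section names and paths, and the helper names are constructed for illustration.

```python
# Constructed sample config. Section names, address and paths are hypothetical;
# only the ACL name aclsystem_ssl_c_used is taken from the alert in the post.
SAMPLE_CFG = """\
frontend fe_https
    bind 192.0.2.10:443 ssl crt /path/to/server.pem ca-file /path/to/ca.pem verify required
    acl client_cert_ok ssl_c_used
    use_backend be_app if client_cert_ok
    use_backend be_app if aclsystem_ssl_c_used
    default_backend be_app

backend be_app
    server app1 10.0.0.5:80
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
# Partial list of haproxy's predefined ACLs, enough for this sketch.
BUILTIN = {"TRUE", "FALSE", "HTTP", "LOCALHOST", "METH_GET", "METH_POST"}

def condition_acl_names(tokens):
    """Named ACLs in an if/unless condition, skipping anonymous { ... } ACLs."""
    names, depth = [], 0
    for tok in tokens:
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif depth == 0 and tok not in ("||", "or", "!"):
            names.append(tok.lstrip("!"))
    return names

def undefined_switch_acls(cfg_text):
    """Return (line_no, section, acl) for use_backend rules naming an undeclared ACL."""
    defined, refs, section = {}, [], None
    for line_no, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # naive comment stripping
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[1] if len(words) > 1 else words[0]
        elif words[0] == "acl" and len(words) > 1:
            defined.setdefault(section, set()).add(words[1])
        elif words[0] == "use_backend":
            for kw in ("if", "unless"):
                if kw in words:
                    for name in condition_acl_names(words[words.index(kw) + 1:]):
                        refs.append((line_no, section, name))
    return [r for r in refs if r[2] not in BUILTIN and r[2] not in defined.get(r[1], set())]

if __name__ == "__main__":
    for line_no, section, acl in undefined_switch_acls(SAMPLE_CFG):
        print(f"line {line_no}: section {section!r} references undeclared ACL {acl!r}")
```

Run against a generated file such as the one named in the alert, the reported line number should match the one haproxy prints, which shows which section is missing the `acl` declaration.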