HaProxy SSL offloading with multiple certificates

cjbujold · Jul 3, 2020, 6:54 PM

I have HaProxy setup for SSL Offloading and with one SSl certificate it works great. The problem is I have multiple domains each with it's own certificate. For example I have abc.com and xyz.com and I only see the ability to add one certificate (see image item 1). if I add the second certificate ( see image Item 2) Haproxy does not seem to recognize the second certificate for the second domain.

I have added both certificates in the Additional certificates table (see image Item 2) but I must be missing a step since it only uses the Certificate I entered in the certificate field ( see image Item 1)

Any help would be appreciated.

Thanks

dragoangel · Jul 6, 2020, 6:25 AM

@cjbujold said in HaProxy SSL offloading with multiple certificates:

have HaProxy setup for SSL Offloading and with one SSl certificate it works great. The problem is I have multiple domains each with it's own certificate.

You need use shared frontend if you have one public IP for multiply SSL certificates. This will require from client support of SNI but this not an issue in 2020.
Your default frontend can be without backend and all shared backends use host ACLs rules (or other ACLs) to forward your requests to correct backends. That is all.

xuti · Aug 18, 2020, 10:06 AM

Hi dragoangel,

I have the same scenario and the same issue. I have two webs that require two different certificates and now I am using SSL offloading in one of them successfully. I want to implement the same SSL offloading with the second site.

Can you explain with a little step-by-step your solution please? I am a little bit noob with haproxy in pfsense.

Thanks a lot.

dragoangel · Aug 18, 2020, 10:15 AM

@xuti on web, even on this forum and on YouTube is plenty of how to about this. Sorry but I can't help you to learn this, no have time.