Netgate Discussion Forum

HaProxy SSL offloading with multiple certificates

  • C
    cjbujold
    last edited by Jul 3, 2020, 6:54 PM

    I have HaProxy set up for SSL offloading, and with one SSL certificate it works great. The problem is I have multiple domains, each with its own certificate. For example, I have abc.com and xyz.com, and I only see the ability to add one certificate (see image item 1). If I add the second certificate (see image item 2), HaProxy does not seem to recognize the second certificate for the second domain.

    I have added both certificates in the Additional certificates table (see image item 2), but I must be missing a step, since it only uses the certificate I entered in the certificate field (see image item 1).

    Any help would be appreciated.

    Thanks
    sslhaproxy.jpg

    • D
      dragoangel
      last edited by dragoangel Jul 6, 2020, 6:25 AM Jul 6, 2020, 6:24 AM

      @cjbujold said in HaProxy SSL offloading with multiple certificates:

      have HaProxy set up for SSL offloading, and with one SSL certificate it works great. The problem is I have multiple domains, each with its own certificate.

      You need to use a shared frontend if you have one public IP for multiple SSL certificates. This will require SNI support from the client, but this is not an issue in 2020.
      Your default frontend can be without a backend, and all shared backends use host ACL rules (or other ACLs) to forward your requests to the correct backends. That is all.

      Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
      Unifi AP-AC-LR with EAP RADIUS, US-24

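The layout described in the reply above, written out as a plain haproxy.cfg fragment. This is an added example, not part of the original posts and not output of the pfSense HAProxy package; the IP addresses (documentation ranges), certificate paths, and frontend/backend/server names are constructed placeholders.

```haproxy
# Added example: one TLS listener on one public IP serving two certificates via SNI.
# All addresses, paths and names below are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_shared
    # Each PEM file holds the certificate, its chain and the private key.
    # HAProxy picks the certificate whose CN/SAN matches the SNI name sent
    # by the client. The first crt listed is the fallback for clients that
    # send no SNI or an unknown name; add "strict-sni" to the bind line to
    # refuse those handshakes instead of presenting the fallback certificate.
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/abc.com.pem crt /etc/haproxy/certs/xyz.com.pem

    # After TLS is terminated, Host-header ACLs choose the backend.
    acl host_abc hdr(host) -i abc.com www.abc.com
    acl host_xyz hdr(host) -i xyz.com www.xyz.com

    use_backend bk_abc if host_abc
    use_backend bk_xyz if host_xyz
    # No default_backend on purpose: a request whose Host matches neither
    # ACL gets a 503 from HAProxy and never reaches an internal server.

backend bk_abc
    # Offloading: traffic to the web server is plain HTTP on the inside.
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    server abc_web1 192.0.2.11:80 check

backend bk_xyz
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    server xyz_web1 192.0.2.12:80 check
```

To confirm which certificate each name receives, run `openssl s_client -connect 203.0.113.10:443 -servername xyz.com` (and again with `abc.com`) and compare the subject of the certificate presented.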
      • X
        xuti
        last edited by Aug 18, 2020, 10:06 AM

        Hi dragoangel,

        I have the same scenario and the same issue. I have two webs that require two different certificates and now I am using SSL offloading in one of them successfully. I want to implement the same SSL offloading with the second site.

        Can you explain your solution with a little step-by-step, please? I am a bit of a noob with HAProxy in pfSense.

        Thanks a lot.

        • D
          dragoangel @xuti
          last edited by Aug 18, 2020, 10:15 AM

          @xuti On the web, even on this forum and on YouTube, there are plenty of how-tos about this. Sorry, but I can't help you learn this; I have no time.
