HAProxy redirection https without certificate
-
Hello hello,
I have a pfSense with HAProxy configured with some backends and rules. We plan to have a lot of domains on this pfSense, and for all of them we redirect www to the non-www domain (example: www.my.domain is redirected to my.domain).
I wanted to generate only 1 certificate per domain and not generate a certificate for www, as we only redirect it. So I tried, but in the browser I land on the warning page (as there is no certificate, it warns me that my connection is not private).
If I accept it, I'm redirected to the domain without www and everything works well. So I guess that the browser checks the certificate before reaching the redirection rule I have on HAProxy? So it gets stuck on the warning page?
And is there no other solution than generating a certificate for the www domains (or using a CNAME from my domain provider)? I need your knowledge!
-
@wiwi-0
No, that won't work this way. When the browser requests https://www.my.domain, it expects to get an SSL certificate for www.my.domain. If the host name isn't included in the cert or no cert is delivered, it will throw a warning or refuse the connection altogether.
You can neither work around this with HAProxy nor with any other kind of redirection. You need the proper cert, either on the web server or on the proxy, when doing TLS offloading.
-
@viragomann Okay, thanks a lot for your reply!
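
The hostname check described in the answer above, as an added example that is not part of the original thread: a pre-deployment check that lists which hosts served by a TLS frontend (redirect-only ones included) are not covered by a certificate's SAN list. The function names and the sample domains are assumptions made for illustration, and the wildcard rule is a simplified form of RFC 6125 matching.

```python
# Added example: simplified RFC 6125-style matching of a hostname against
# a certificate's dNSName SAN entries. Domain names are constructed samples.

def _labels(name):
    # Hostnames are case-insensitive; a trailing dot (FQDN form) is ignored.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one SAN entry covers hostname.

    A wildcard is honoured only as the entire leftmost label and stands
    for exactly one label, so *.my.domain covers www.my.domain but
    neither my.domain nor a.b.my.domain.
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Simplification: require two fixed labels after the wildcard
        # (rejects "*.com"); browsers consult a public suffix list instead.
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def cert_covers(hostname, sans):
    return any(san_matches(hostname, s) for s in sans)

def uncovered_hosts(frontend_hosts, sans):
    """Hosts the frontend answers for that would fail certificate
    validation, before any HTTP redirect rule can run."""
    return [h for h in frontend_hosts if not cert_covers(h, sans)]

if __name__ == "__main__":
    hosts = ["my.domain", "www.my.domain"]  # www is redirect-only
    candidates = [
        ("apex only", ["my.domain"]),
        ("wildcard only", ["*.my.domain"]),
        ("apex + www", ["my.domain", "www.my.domain"]),
        ("apex + wildcard", ["my.domain", "*.my.domain"]),
    ]
    for label, sans in candidates:
        missing = uncovered_hosts(hosts, sans) or "none"
        print(f"{label:16} -> certificate warning for: {missing}")
```

A wildcard-only certificate fixes the www redirect but leaves the apex domain uncovered, so the certificate needs both names (or the apex plus the wildcard).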