HAProxy client SSL cert check non-local CA
Hi all,
I hope I can get some help regarding this.
I have a pfSense box on which HAProxy is running in front of the server, as in the diagram. Between the client system and the server, client SSL certificate authentication is going to be used with HTTP basic auth (username and password).
The same architecture will be multiplied, and because of this I'd like to have a single remote CA instead of having an internal CA on each pfSense box, to manage certificates easily.
Now, when the client system makes a request, e.g. an API call, I want HAProxy to check the client certificate's validity via OCSP (or CRL, whichever can be used). The CA and OCSP will be on the same system.
Will this be possible? If so, could I please get some advice regarding how to do this? pfSense is running the latest community edition.
Hope I can get some help. Thanks.
Eoin