Netgate Discussion Forum

HAProxy client SSL cert check non-local CA

Cache/Proxy
    A Former User
    last edited by Mar 25, 2022, 5:33 AM

    Hi all,

    I hope I could get some help regarding this.

    I have a pfSense box with HAProxy running in front of the server, as in the diagram. Between the client system and the server, client SSL certificate authentication is going to be used with HTTP basic auth (username and password).

    The same architecture will be multiplied, and because of this I'd like to have a single remote CA instead of having an internal CA on each pfSense box, to manage certificates easily.

    Now, when the client system makes a request, e.g., an API call, I want HAProxy to check the client certificate's validity via OCSP (or CRL, whatever can be used). The CA and OCSP will be on the same system.

    Will this be possible? If so, could I please get some advice on how to do this? pfSense is on the latest community edition.

    Hope I can get some help. Thanks.

    Eoin

    fba08439-6b9f-46f5-a826-d64292c8d13e-image.png
