Hello everyone, I'm trying to set up haproxy to handle TLS requests with mutual authentication and CRL. Here's an extract of the current configuration:
```
frontend mqtts_frontend
    bind *:8883 ssl crt /etc/haproxy/ssl/cert.pem ca-file /etc/haproxy/ssl/ca-chain.cert.pem verify required crl-file /etc/haproxy/ssl/intermediate.crl.pem
    default_backend mqtts_backend

backend mqtts_backend
    server mqtt1 mqtt1:1884 check send-proxy
    server mqtt2 mqtt2:1884 check send-proxy
```

Those certificates are working with my current Apache setup. When I test with openssl everything is working:

`Verify return code: 0 (ok)`

The problem is that when I test against haproxy I receive the following error:

`Verify return code: 19 (self signed certificate in certificate chain)`

If I remove the "crl-file /etc/haproxy/ssl/ca.crl.pem" everything goes OK, but I need to handle the revoked clients.

The chain of the server certificate is: CARoot -> Intermediate -> Server

The clients have a certificate also signed by Intermediate. The cert CRL is also signed by Intermediate.

Do you have any suggestions?

Thanks,
Davide