Hi!
Il 17/04/20 18:43, Davide Guarneri ha scritto:
crt /etc/haproxy/ssl/cert.pem ca-file /etc/haproxy/ssl/ca-chain.cert.pem
verify required crl-file /etc/haproxy/ssl/intermediate.crl.pem
I would verify how the certificates and the keys are placed in the files.
/etc/haproxy/ssl/cert.pem must contain "both the required certificates
and any associated private keys. [...] If your CA requires an
intermediate certificate, this can also be concatenated into this file."
(from HAProxy documentation)
The client certificate is checked against the signature of the CAs
defined in /etc/haproxy/ssl/ca-chain.cert.pem
Moreover it is checked if the client certificate is listed in the
certificate revocation list in /etc/haproxy/ssl/intermediate.crl.pem
Hope this helps
Ciao!
.marcoc
