Re: SSL Termination or Passthrough

2017-02-18 Thread Sam Crowell
, Sam Crowell (crowes...@gmail.com) wrote: > Thanks, this is what I was looking for. I could just call a reload of the > LB with the PID whenever the CRL was updated by the cron. > > Is there a requirement to bind on 443 for this method or can I make it > anything? > > A

Re: SSL Termination or Passthrough

2017-02-18 Thread Sam Crowell
t like that even be noticed? > > Daniel > > On 18 Feb 2017, at 07:28, Willy Tarreau <w...@1wt.eu> wrote: > > On Fri, Feb 17, 2017 at 07:20:14PM -0500, Sam Crowell wrote: > Thanks for the response Daniel. What is the best way to handle SSL traffic > through a load balancer

Re: SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
, of course, but passing encrypted streams back and forth is a completely valid use case. Just keep anything TLS out of the haproxy config for these front ends and backends. :-) On 18 Feb 2017, at 01:27, Sam Crowell <crowes...@gmail.com> wrote: I guess it’s probably the same answer, it’s w

Re: SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
I guess it’s probably the same answer, it’s working as intended and even with passthrough the load balancer certificate does not match the backend server so it still throws the warning which makes sense. On February 17, 2017 at 7:20:14 PM, Sam Crowell (crowes...@gmail.com) wrote: Thanks

Re: SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
. By definition, you won't be able to get a hold of it, as the real server alone has it. All inspecting TLS proxies communicate with their own private key/certificate pair with the client. There is no way around that. Regards, Daniel > On 18 Feb 2017, at 00:47, Sam Crowell <crowes...@gmail.com>

SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
Is there a way to do SSL termination at the load balancer, but then send the original certificate to the backend server? I have seen plenty of notes and configs for SSL passthrough and SSL termination with re-encryption by the load balancer certificate. Even with passthrough, I still have to