Backend SSL usage, how?

bhart · February 11, 2022, 5:56pm

So I’ve got working Haproxy servers, the boss wants me to make sure the back end is using SSL as well. So I’ve made sure the backend servers have domain signed certs, I have the CA pem file on my test hap server and my server directive like so:

server dc02 10.100.160.12:636 maxconn 100 check ssl fall 3 rise 1 inter 2s verify none check check-ssl ca-file /etc/ssl/private/hap/ca/domain-ca.pem

Thinking about how SSL works… I’m going to need the FQDN value in here for that server. So if I change it to this:

server dc02 dc01.domain.net:636 maxconn 100 check ssl fall 3 rise 1 inter 2s verify none check check-ssl ca-file /etc/ssl/private/hap/ca/domain-ca.pem

Can anyone confirm this look ok?

bhart · February 14, 2022, 12:38pm

So I had some help with part of this issue a few months ago. But now I’m being questioned about is that backend connection really using SSL. Apart from the configs showing port 636, and the presense of a valid domain-based CA I honestly don’t know how to prove this.

bhart · February 15, 2022, 12:14pm

Ok well no help here.

Topic		Replies	Views
Troubleshooting SSL Handshake Failure (backend) Help!	4	1022	December 11, 2022
Use tcp backend based on map and ssl_c_s_dn Help!	3	991	October 30, 2020
Help me with ssl Help!	1	417	April 12, 2020
Backend server ssl verification error Help!	3	1497	May 13, 2022
SSL Pass-Through Process Flow? Help!	8	4819	December 7, 2021

Backend SSL usage, how?

Related Topics