I am currently using HAProxy version 1.8.10 and a self-signed CA. My CA cert file consists of the intermediate and root certificates. Now I want to use a CRL so that HAProxy blocks access for revoked client certificates. I generated the CRL file by downloading the CRLs for the intermediate and root certificates (client CA), converting them from DER to PEM, and concatenating them into one file.
Whenever this CRL is configured in my HAProxy config, I receive the error “sslv3 alert certificate unknown” on the client side, and in the HAProxy logs I can see “SSL client certificate not trusted” with any certificate I use (revoked or not revoked). Once I remove the CRL, I can connect without any problem.
I tried many things to debug this but I can’t find the issue. Can anybody help me please?