HAProxy community

Check Certificate in Backend possible


Hi everyone,

As i already mentioned in another post, I am using just one front end and more backends.
as for one specific location is a certificate check necessary, i would like to check in that specific backend and for the specific site.
the apache for this section shows like this :

Location /api
Allow from all
Satisfy any
SSLVerifyClient require
SSLVerifyDepth 2
SSLRequire ( %{SSL_CLIENT_S_DN_O} eq “Company name”
and %{SSL_CLIENT_S_DN_OU} eq “department”
and %{SSL_CLIENT_S_DN_C} eq “US”
and %{SSL_CLIENT_S_DN_CN} in { “User_1”, “host01” }
ProxyPass nocanon

Any ideea how I can rewrite from apache to haproxy ?

Thanks and cheers,


If I understand correctly you are talking about client certificate verification, and you would like to do that in one specific URI.

That’s not possible with haproxy.


Yes @lukastribus, i’m talking about client certificate verification and yes i would like to do it for www.example.com/api but www.example.com should be available to all.



Like I said this is not possible with Haproxy. Apache is pretty much the only product that can do this.

The recommended way is to use a different (SNI-) hostname and certificate for this, and negotiate client certificates in the beginning.


Thank you very much for your help.