Configuring HAProxy with servers that have unique SAN certs

coffeeortea · February 27, 2024, 2:39am

I’m trying to configure HAProxy for the first time (pfSense package), but I can’t figure out how to configure it for my servers that already have their own SAN certificate.

Each of my servers are setup with unique SAN certs for their subdomain, such as server1.domain.com, server2.domain.com, etc., and the renewal is automated so there’s no extra work at this point. How do I configure HAProxy to not apply its own encryption and acknowledge the certs that the servers already have? Everything that I’ve tried so far results in SSL errors or not being able to reach the server.

mrks · March 4, 2024, 2:34pm

Maybe this helps you a bit.

Other solution is to use ssl offloading, using haproxy to handle the san certificates and renewal, and passing the traffic to the webservers. Here you can use ssl too, to encrypt the traffic between haproxy and the webservers. Therefore, you can use letsencrypt to create ssl certificates on the webservers.

Topic		Replies	Views
What is wrong with this config? Help!	6	3683	September 6, 2018
Does HAProxy support multiple certificates for the same domain? Help!	2	3136	March 19, 2023
Please help get a noob up and running Help!	0	470	July 1, 2021
Unable to renew SSL certificates with servers using SSL passthrough Help!	1	632	October 11, 2021
Haproxy SSL pass through Help!	4	1083	September 9, 2021

Configuring HAProxy with servers that have unique SAN certs

Related topics