Haproxy doesnt offer cert without CN name

maddy · December 22, 2020, 6:05am

Hi all,

I have this haproxy config and my certificate without any CN / SAN field .When i try to connect to the port it fails with handshake error.

global
maxconn 32768
#nbproc 3
nbthread 4
tune.ssl.default-dh-param 2048
log /dev/log local5
stats socket ipv4@127.0.0.1:9999 level admin
stats socket /var/run/haproxy.sock mode 666 level admin
stats timeout 2m
ssl-default-bind-ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES128-SHA
ssl-default-bind-options ssl-min-ver TLSv1.0

defaults
log global
mode http
option dontlognull
option redispatch
no option http-use-htx

bind-process 1

This opens port 443 and 8443, and redirects it to 84 Proxy

listen ssl

bind 0.0.0.0:443 tfo ssl crt /usr/local/platform/.security/tomcat/keys/HAProxy_tomcat.pem npn http/1.1 curves P-256:P-384:P-521 prefer-client-ciphers
server http 127.0.0.1:84 send-proxy-v2

frontend http

bind 127.0.0.1:84 tfo accept-proxy
acl is_ssl fc_rcvd_proxy
#acl is_ssl ssl_fc
option nolinger
default_backend localserver

backend localserver
server s1 127.0.0.1:6970

Topic		Replies	Views
HAProxy unable to verify device certificate Help!	2	651	February 15, 2021
Trying to install SSL Cert for use with HAPROXY. No luck Help!	10	10949	January 7, 2019
SSL Configuration for HAProxy 1.6.12 Help!	0	1256	July 4, 2017
Haproxy w/ssl 'SSL handshake failure' Help!	3	10263	February 10, 2023
What ca-file will facilitate an actual SSL Handschake to a remote Nginx server? Help!	1	1785	June 27, 2022

Haproxy doesnt offer cert without CN name

This opens port 443 and 8443, and redirects it to 84 Proxy

Related topics