HAProxy not passing through user certificate

philipcowgill · November 2, 2016, 12:36pm

I’m using HAProxy to load balance between four servers, which requires a user to present a certificate in order to login to. When the user hits the webpage they are asked to present their certificate but the certificate never gets through to the server to authenticate with. I’ve tested logging in without HAProxy in front of it and everything works correctly. I have pasted what my configuration setup looks like.

global
uid 0
gid 0
log /dev/log local0
log /dev/log local1 notice
maxconn 45000
daemon

defaults
log global
mode http
option tcplog
option dontlognull
timeout server 86400000
timeout connect 86400000
timeout client 86400000
timeout queue 1000s

frontend 443_oam
bind 192.168.0.208:443
mode tcp
option tcplog
default_backend oam_443

backend oam_443
mode tcp
option ssl-hello-chk
balance roundrobin
server oam01 :443 check
server oam02 :443 check
server oam03 :443 check
server oam04 :443 check

lukastribus · November 3, 2016, 5:40pm

You are only forwarding TCP payload in this configuration, and it will forward everything, including everything related to SSL.

I assume the issue is somewhere else, like your backend not requesting the client certificate if it comes from a trusted IP address (which the haproxy box may be), or only some of the servers request the SSL certificate from the client, so depending on the load-balancing you may hit a server that doesn’t request the certificate from the client.

Topic		Replies	Views
Haproxy SSL pass through Help!	4	1179	September 9, 2021
Is this possible - HAProxy 2 Way SSL - Cert Auth Reverse Proxy Help!	4	5453	January 10, 2019
Certificate/SSL termination problem Help!	3	1798	June 3, 2016
Is 'ssl verify none' work for self-signed certificate in tcp mode helthcheck? Help!	18	49423	December 16, 2020
Haproxy SSL/TLS Passthrough Proxy not working? Help!	1	949	April 4, 2022

HAProxy not passing through user certificate

Related topics