How can I verify backend server use root CA file?

oweir29 · March 19, 2019, 9:48am

global
	tune.ssl.default-dh-param 2048
defaults
	log 127.0.0.1:514 user
	timeout connect 5000ms
	timeout client 5000ms
	timeout server 5000ms
	mode http
	option httplog
listen reverse-proxy
	bind 127.0.0.1:80
	acl test_acl hdr_end(host) -i wikipedia.org
	use_backend wikipedia if test_acl
backend wikipedia
	server wikipedia-server 208.80.153.224:443 ssl verify required ca-file /home/test/haproxy-certificate/GlobalSignRootCA.crt

For example www.wikipedia.org , I try to export the root CA of www.wikipedia.org from Firefox but it doesn’t work and complain with one haproxy 503 page.
If I export the whole certification chain of *.wikipedia.rog it is works, but I just want to verify the root CA because root CA almost never expired.

Topic		Replies	Views
Backend SSL usage, how? Help!	2	308	February 15, 2022
Use tcp backend based on map and ssl_c_s_dn Help!	3	861	October 30, 2020
Force Haproxy to send client certificate if server client-CA list does not contain matching CA Help!	1	920	July 28, 2020
Haproxy as reverse HTTPS proxy Help!	13	7494	August 20, 2018
How to set ssl verify client for specific domain name Help!	13	22569	June 25, 2023

How can I verify backend server use root CA file?

Related Topics