global
tune.ssl.default-dh-param 2048
defaults
log 127.0.0.1:514 user
timeout connect 5000ms
timeout client 5000ms
timeout server 5000ms
mode http
option httplog
listen reverse-proxy
bind 127.0.0.1:80
acl test_acl hdr_end(host) -i wikipedia.org
use_backend wikipedia if test_acl
backend wikipedia
server wikipedia-server 208.80.153.224:443 ssl verify required ca-file /home/test/haproxy-certificate/GlobalSignRootCA.crt
For example www.wikipedia.org , I try to export the root CA of www.wikipedia.org from Firefox but it doesn’t work and complain with one haproxy 503 page.
If I export the whole certification chain of *.wikipedia.rog it is works, but I just want to verify the root CA because root CA almost never expired.