We have a backend system that communicates over SSL and clients must present a Client Certificate.
We are using HAProxy as a Reverse Proxy to these servers.
Our configuration looks like this:

    global
        log /dev/log local0
        log /dev/log local2 error
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        option dontlognull
        timeout connect 5000
        timeout client 5000
        timeout server 5000

    listen stats
        bind *:8081
        mode http
        stats enable
        stats uri /
        stats realm Haproxy\ HAProxy Statistics
        stats auth xxxxx:xxxxx

    frontend www-https-in
        mode tcp
        # TLS is terminated here; a client certificate is required and checked against cacert.pem
        bind *:443 transparent ssl crt /etc/cert/site.pem ca-file /etc/cert/cacert.pem verify required
        default_backend app_backend

    backend app_backend
        mode tcp
        stick-table type ip size 200k expire 30m
        stick on src
        # New TLS session to the backend; site.pem is sent if the backend requests a client certificate
        server appserv1 10.10.10.12:8000 ssl crt /etc/cert/site.pem verify none
The Reverse Proxy works and the Client Certificate functions at the Front, but the backend is attempting to validate an SSL Certificate and not the Client's Certificate.
How do I get the Client Certificate to pass through to the appserver?
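
Added example, not part of the original post: because the frontend above terminates TLS, the connection to `appserv1` is a separate TLS session in which HAProxy can only present a certificate whose private key it holds (`site.pem`). The two alternative layouts below reuse the names and paths from the post; the header name `X-SSL-Client-Cert` and the placeholder CA path are assumptions, and option B assumes the application speaks HTTP and can read the header. Use one option, not both.

```haproxy
# --- Option A: TLS passthrough -------------------------------------------
# HAProxy relays the raw TCP stream. The client's handshake, including its
# certificate, reaches the application server, which performs verification.
# HAProxy itself no longer sees or checks the client certificate.
frontend www-https-in
    mode tcp
    bind *:443 transparent
    default_backend app_backend

backend app_backend
    mode tcp
    stick-table type ip size 200k expire 30m
    stick on src
    # No "ssl" keyword: bytes are forwarded unchanged to the backend
    server appserv1 10.10.10.12:8000

# --- Option B: terminate TLS, forward the verified certificate -----------
# HAProxy keeps "verify required" and passes the client certificate to the
# application in an HTTP header (DER, base64-encoded).
frontend www-https-in
    mode http
    bind *:443 transparent ssl crt /etc/cert/site.pem ca-file /etc/cert/cacert.pem verify required
    # set-header replaces any value of this header supplied by the client,
    # so a caller cannot inject a certificate of its own choosing
    http-request set-header X-SSL-Client-Cert %[ssl_c_der,base64]
    default_backend app_backend

backend app_backend
    mode http
    stick-table type ip size 200k expire 30m
    stick on src
    # site.pem now identifies HAProxy to the backend. "verify none" skips
    # checking the backend's certificate; to check it, replace with:
    #   verify required ca-file <path-to-backend-ca.pem>
    server appserv1 10.10.10.12:8000 ssl crt /etc/cert/site.pem verify none
```

With option B the application must accept the header only on connections authenticated as coming from HAProxy, since the header is the sole statement of the client's identity.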