Hey,
My CA certificate is about to expire and I want to generate a new one and rotate the whole system without downtime.
My backends use ca-file, which I successfully bundled together as new+old, and the crt directive, which contains a key+cert bundle that I bundled with new+old, but handshakes are failing.
My setup is like this:
client -> haproxy1 -> haproxy2 -> server
I configured the server with old+new, but haproxy1 can’t create a handshake with haproxy2 backends.
I’m wondering what can be done here.
Could HAProxy support a mix of new and old CAs, sort of a hybrid state?