I have a rather simple setup where connection fails on the frontend with “SSL client certificate not trusted” and I’m really running out of ideas. I have checked everything multiple times and did not find anything wrong.
Also when using the same certificates on the backend without haproxy involved it works flawlessly. Also when removing “verify required ca-file ca.pem” from the frontend config it works.
Frontend config is quite simple as follows:
frontend testFE
    mode tcp
    option tcplog
    bind *:443 ssl crt /etc/haproxy/ssl/crt/server.pem verify required ca-file /etc/haproxy/ssl/ca/ca.pem
    default_backend testBE
Any suggestions how to track this down any further?
Thanks a lot for your suggestions.