Hi,
I am new to HAProxy, and in our quality environment I have a scenario that works great without SSL.
Now, I want to test with SSL. My scenario is:
OS: Alpine Linux 3.12 (Linux Kernel 5.4.43-1-lts).
HAProxy: 2.1.4
I have read the HAProxy deployment guide (Infrastructure Layouts Involving TLS). I have tested the SSL/TLS pass-through mode and it seems to work more or less well, but in the browser the certificate is flagged as not valid. If I access the web server directly, the certificate is considered valid.
Do I have to add the FQDN of the HAProxy server to the SAN attribute of the web server certificate?
The other option that I have considered is the SSL/TLS bridging or re-encryption mode. If I have understood correctly, I need the web server certificate and the private key merged in the same .pem file. Although I am able to generate the certificates for our web servers, I do not have the private key (we are the CA). So I cannot use this mode, right?
Now, when I access it, I am told that the certificate is not valid, and when I open the certificate from the browser, “Certificate Path” says “This Certificate is OK”.
Do you have any idea why the browser tells me that it is not valid?
Another thing that I have noticed is that when I restart the haproxy service, I am asked to “Enter PEM pass phrase”. How can I avoid this?
Fixed.
The root cause was that the certificate did not have a SAN attribute. When I added the SAN attribute to the CSR, the browser showed the certificate as valid.
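
The fix described in the last post, as an added example that is not part of the original thread: a CSR that requests a subjectAltName, plus a check that the name is present in both the CSR and the issued certificate. The host names, file names and function names are constructed for illustration, and the self-signing step only stands in for the CA.

```shell
#!/bin/sh
# Added example, not from the thread. Host names are constructed placeholders.

# make_csr <dir> <cn> <san-list>: write server.key and a CSR requesting the SANs.
make_csr() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $2
[v3_req]
subjectAltName = $3
EOF
    # -nodes leaves the key unencrypted so the script runs without prompting
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

# sign <dir> <out.crt> [copy]: self-sign the CSR as a stand-in for the CA step.
# "openssl x509 -req" ignores extensions in the CSR by default, so the SAN
# reaches the certificate only when it is supplied again ("copy").
sign() {
    if [ "${3:-}" = copy ]; then
        openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
            -extfile "$1/req.cnf" -extensions v3_req -out "$2" 2>/dev/null
    else
        openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
            -out "$2" 2>/dev/null
    fi
}

# has_san <req|x509> <file> <dns-name>: exit 0 if DNS:<dns-name> is listed.
has_san() {
    openssl "$1" -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$3"
}
```

Running `has_san x509` against the certificate the CA returns confirms that the extension survived signing, not just that the CSR asked for it.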