I am new in HAProxy and I have in our quality environment a scenario that works great without ssl.
Now, I want to test with SSL. My scenario is:
OS: Alpine Linux 3.12 (Linux Kernel 5.4.43-1-lts).
I have read the HAProxy Deployment guide - Infrastructure Layouts Involving TLS - I have tested the SSL/TLS pass-through mode and seem that works more or less well but in the browser the certificate is highlighted like no valid. If I access to web server directly the certificate is considered valid.
Have I to add the FQDN of the HAProxy server in the SAN attribute of the web server certificate?
The other option that I have considered is the SSL/TLS bridging or re-encryption mode. If I have understood well, I need the web server certificate and the private key merged in the same .pem file. Although I am able to generate the certificates for our web servers I am not have the private key (we are CA). So, I can not use this mode, right?