I’ve done it before on OPNsense, but I am now attempting to do it with Docker and am running into issues.
I have this line in my bind: crt /usr/local/etc/haproxy/certs/ ca-file /etc/haproxy/CA/CA.pem verify required
I have used that CA to create a Client Cert. If I export the certificate as a .pem and run OpenSSL verify, it responds that they match. However, when I installed the .pem on my macOS or iOS device and attempted to access the site, I was prompted with the following error: “The required certificate is not installed”. If I export the Client Cert as a .p12 and install it on my macOS or iOS device (first it says it’s not signed, even though it should be and the .pem is), then I get the prompt that I have the cert, and it asks if I want to use it. When I press continue, the webpage stays on whatever the page was before attempting to access my site, and the HAProxy logs say “ssl client ca chain cannot be verified”.
I’ve seen the same issues posted before, but the solutions don’t work for me. Most of what I’ve seen is making sure it’s all in the right order (key, client/server, ca), which mine is; the server certs all work perfectly, and the server and client are both signed by the same CA. The other suggestion is making sure OpenSSL verify responds with “ok”, which mine does. Any thoughts/opinions/ideas?
Thank you for your time and help!
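An added example, not part of the original post: a shell check, assuming OpenSSL is installed, that the certificate packaged inside the .p12 is the same one as the exported .pem and that it verifies against the CA file named on the bind line. The function names, file names, subjects and password are constructed for illustration; `make_lab` only builds throwaway test material so the check can be tried offline.

```shell
#!/bin/sh
# Added example. Function names, file names, subjects and the password are
# constructed; replace them with the real .p12, .pem and CA file when checking.

# extract_client_cert P12 PASS OUT: write the leaf certificate held in a .p12 to OUT.
extract_client_cert() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null \
    | openssl x509 -out "$3" 2>/dev/null
}

# fingerprint CERT: print the SHA-256 fingerprint of a PEM certificate.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_p12 P12 PASS CAFILE PEM
# 0 = .p12 holds the same cert as PEM and it verifies against CAFILE
# 1 = same cert, but it does not verify against CAFILE
# 2 = .p12 holds a different cert than PEM
# 3 = .p12 could not be read (wrong password or no client cert inside)
check_p12() {
  tmp=$(mktemp) || return 3
  rc=0
  if ! extract_client_cert "$1" "$2" "$tmp"; then rc=3
  elif [ "$(fingerprint "$tmp")" != "$(fingerprint "$4")" ]; then rc=2
  elif ! openssl verify -CAfile "$3" "$tmp" >/dev/null 2>&1; then rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# make_lab DIR: build a constructed CA, client cert and .p12 in DIR.
make_lab() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Lab CA" \
    -keyout "$1/ca.key" -out "$1/CA.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/client.csr" -CA "$1/CA.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.pem" \
    -certfile "$1/CA.pem" -passout pass:example -out "$1/client.p12"
}
```

Run `check_p12` against the CA file as it exists inside the HAProxy container, so the comparison uses the same file the `ca-file` option reads.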