Verify client certificate per location

fgbreel · December 15, 2015, 2:22pm

Hi, I’m using HAProxy with client certificate checking with verify optional and checking for ssl_c_used and/or ssl_c_verify combined with http-request deny for just one location.

http-request deny if { path /mysecurepath } !{ ssl_c_verify ne 0 }

My problem is the client certificate is requested to the client when using an Android browser for example.

It is possible to use verify none to not ask for the client certificate but be able to use ssl_c_used and ssl_c_verify?

fgbreel · December 18, 2015, 9:09pm

I think I’m doing something wrong here, because the client names need to be sent, and then, the request is made, so the server need to send the CA before the GET|HEAD be accepted. Doh!

Topic		Replies	Views
Check Certificate in Backend possible Help!	4	1244	June 22, 2017
How to set ssl verify client for specific domain name Help!	13	24367	June 25, 2023
Ssl_client_certificate and ssl_verify_client to haproxy Help!	3	2990	December 20, 2018
Verify Client Cert not working as expected Help!	0	405	December 23, 2022
mTLS by path - requiring client verification for some paths Help!	7	3538	February 13, 2021

Verify client certificate per location

Related topics