What is recommended configuration for using CA certificates with Certificate chan?

szmip · September 13, 2023, 1:01pm

Hello,

What is the recommended configuration for using CA certificates with Certificate chain?

We tried to use single pem file with both CA and root certificates and used ca-file configuration param:
ca-file /mnt/certificates/ca.pem

and also both ca-verify-file and ca-file configuration param like:
ca-file /mnt/certificates/ca.pem ca-verify-file /mnt/certificates/ca-root.pem

but in both cases root is not loaded. Could someone suggest the correct configuration?

MaEh86 · September 14, 2023, 6:45am

Hello,

for me, it isn’t 100% clear, what you are trying to do.
Do you want to check client-certificates, add root-certificates for https-backends or secure your frontends with corresponding ssl-certificates?

best regards,
Markus

szmip · September 14, 2023, 7:07am

Hello,

We would like to secure frontends with corresponding ssl-certificates.

Regards,
Paweł

MaEh86 · September 14, 2023, 7:40am

Then, ca-file is the wrong location

You should have a look here => crt

Example from my config:

frontend haproxy-prod-frontend-https
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1

best regards,
Markus

Topic		Replies	Views
Multiple ca-file parameter Help!	0	407	March 29, 2023
SSL client certificate not trusted Help!	6	5629	November 15, 2021
Unable to load certificate chain Help!	0	1025	March 8, 2023
Haproxy as server with CA signed cert to fetch self-signed client certificate Help!	5	7642	August 11, 2016
When using client SSL authentication with multiple CAs how should the CRL be constructed? Help!	2	3989	March 14, 2018

What is recommended configuration for using CA certificates with Certificate chan?

Related topics