What is the recommended configuration for using CA certificates with Certificate chain?
We tried to use single pem file with both CA and root certificates and used ca-file configuration param:
and also both
ca-file configuration param like:
ca-file /mnt/certificates/ca.pem ca-verify-file /mnt/certificates/ca-root.pem
but in both cases root is not loaded. Could someone suggest the correct configuration?
for me, it isn’t 100% clear, what you are trying to do.
Do you want to check client-certificates, add root-certificates for https-backends or secure your frontends with corresponding ssl-certificates?
We would like to secure frontends with corresponding ssl-certificates.
Then, ca-file is the wrong location
You should have a look here => crt
Example from my config:
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1