Wildcard Cert FE, Self-signed BE

Hello everyone,

I have a FE I am trying to create. The FE is using a wildcard.domain.com certificate. The backend servers connect on 443, and use a self-signed certificate. In packet captures, I get a fatal error from the health checks (error 21, which is due to unknown CA). I have modified the health checks to use ‘check-ssl verify none’ and my backend is up. The servers are also up when I hit them individually.

It’s returning a 502 error when I try to access the server via the load balancer. It looks like HAProxy won’t connect to the backend. Do I somehow need to ‘force’ it to trust the self-signed certificate? This works in F5, but not here.

Ideas?

EDIT: 502, not 503

EDIT: SOLVED!! Thanks everyone!

Post the entire configuration and the exact log outputs.

Hi,

In the HAProxy config we are using this line to skip the cert check:

server servername server_ip:443 ssl check cookie s1 sni req.hdr(Host) verify none

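For comparison with the `verify none` line in the reply above, this added example (not taken from any poster's configuration) shows the same server with the backend's self-signed certificate trusted explicitly. The backend names, the address 192.0.2.10, the hostname app.domain.com and the PEM path are placeholders.

```haproxy
# Constructed example: names, addresses, hostname and file path are placeholders.

backend be_app_noverify
    mode http
    # "ssl" makes HAProxy speak TLS to the server for proxied traffic.
    # "check-ssl" on its own only covers health checks; with "ssl" set,
    # "check" already runs over TLS.
    # "verify none": the link is encrypted, but the server certificate is not
    # authenticated, so any host answering on this address is accepted.
    server s1 192.0.2.10:443 ssl verify none sni req.hdr(Host) check

backend be_app_pinned
    mode http
    # "verify required" + "ca-file": the ca-file contains the PEM of the
    # backend's self-signed certificate (public part only), which then acts
    # as its own trust anchor.
    # "verifyhost" must match a name (CN or SAN) in that certificate.
    # "check-sni" sends the same name during health checks.
    server s1 192.0.2.10:443 ssl verify required ca-file /etc/haproxy/certs/backend-selfsigned.pem verifyhost app.domain.com sni str(app.domain.com) check check-sni app.domain.com
```

`haproxy -c -f <config file>` checks the configuration for errors before a reload.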