Wildcard Cert FE, Self-signed BE

Hello everyone,

I have a FE I am trying to create. The FE is using a wildcard.domain.com certificate. The backend servers connect on 443, and use a self-signed certificate. In packet captures, I get a fatal error from the health checks (error 21, which is due to unknown CA). I have modified the health checks to use ‘check-ssl verify none’ and my backend is up. The servers are also up when I hit them individually.

It’s returning a 502 error when I try to access the server via load balancer. It looks like HAProxy won’t connect to the backend. Do I somehow need to ‘force’ it to trust the self signed certificate? This works in f5, but not here.


EDIT: 502, not 503

EDIT: SOLVED!! Thanks everyone!

Post the entire configuration and the exact log outputs.


In haproxy config we are using this line to skip cert check:

server servername server_ip:443 ssl check cookie s1 sni req.hdr(Host) verify none

1 Like