HAProxy - ssl client ca chain cannot be verified

Solution 1:

The files server.pem and client.pem should have 3 sections in it and should look like this:

-----BEGIN RSA PRIVATE KEY-----
<lots of base64 encoded data>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<lots of base64 encoded data>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<lots of base64 encoded data>
-----END CERTIFICATE-----

The private key might not be RSA, but it should be first. The first certificate is the signed server certificate. The second certificate should be the CA certificate. You can copy and paste each section using a text editor. To check your certificate, run this.

$ openssl verify -CAfile ca1-certificate.pem server.pem
server.pem: OK