HAProxy - ssl client ca chain cannot be verified

certificate openssl haproxy

Solution 1:

The files server.pem and client.pem should have 3 sections in it and should look like this:

-----BEGIN RSA PRIVATE KEY-----
<lots of base64 encoded data>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<lots of base64 encoded data>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<lots of base64 encoded data>
-----END CERTIFICATE-----

The private key might not be RSA, but it should be first. The first certificate is the signed server certificate. The second certificate should be the CA certificate. You can copy and paste each section using a text editor. To check your certificate, run this.

$ openssl verify -CAfile ca1-certificate.pem server.pem
server.pem: OK

Related

MySQL is VERY slow on my ext4 file system [closed]
How to reinstall broken mysql package
StrongSwan ipsec ubuntu "ignoring informational payload, type NO_PROPOSAL_CHOSEN"
Recovering a specific job definition from an MSDB backup?
Windows file explorer using port 80 (webdav) instead of 445 (samba smb cifs) for UNC path
'More details' button pushes row of images out of line
Extract an array from a postgres json column and map it
Is it possible to expand GCC/Clang compile and link options that start with "-f"?
How to bold title in notification?
leaflet labels overlap fix - leaflet::addMarkers
Conda env not available on ci but available locally
R: Compute Cohen's d based on t-statistic of a coefficient in multiple linear regression