How does one forward a client authentication certificate through HA proxy while terminating TLS?

certificate client-certificate haproxy

You can set various HTTP headers to be sent to the backend regarding the TLS client certificate that was presented. For example:

frontend intranet
    bind 10.20.30.40:443 ssl crt /etc/haproxy/pem/server.pem ca-file /etc/haproxy/pem/client-chain.pem verify required
    http-request set-header X-SSL                       %[ssl_fc]
    http-request set-header X-SSL-Client-Verify         %[ssl_c_verify]
    http-request set-header X-SSL-Client-SHA1           %{+Q}[ssl_c_sha1]
    http-request set-header X-SSL-Client-DN             %{+Q}[ssl_c_s_dn]
    http-request set-header X-SSL-Client-CN             %{+Q}[ssl_c_s_dn(cn)]
    http-request set-header X-SSL-Issuer                %{+Q}[ssl_c_i_dn]
    http-request set-header X-SSL-Client-Not-Before     %{+Q}[ssl_c_notbefore]
    http-request set-header X-SSL-Client-Not-After      %{+Q}[ssl_c_notafter]
    default_backend your_backend

Your application must then examine the headers and take appropriate action.

This example was taken from raymii.org where you may find some additional useful information about using client certificates with HAProxy, such as validating the client certificate and rejecting invalid certificates.

Related

``date`` in terminal now in 12hr format on Debian Buster
How does systemd ask units to reload configuration?
CentOS not considering daylight saving on timezone
Powershell disk management
SECURITY: Should containers run TLS or can they rely on its sidecar?
VNC on Vista
Logarithmic returns in pandas dataframe
How to check if list is empty using thymeleaf?
smallest filesize for transparent single pixel image
google map API zoom range
Filtering Eloquent collection data with $collection->filter()
Difference between Width:100% and width:100vw?