Reputation: 595
HAProxy load balancer: Peer's Certificate issuer is not recognized
I just setup a load balancer with HAProxy 1.5.2, and the HTTPS frontend work incorrectly.
I use curl to make an request to my server as follow: curl https://haproxy.example.com The output as follows:
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
The following are the configuration:
frontend https-in bind *:443 ssl crt /var/crt/mycrt.pem ca-file /var/crt/myca.crt
reqadd X-Forwarded-Proto:\ https
default_backend https-in-443
The /var/crt/myca.crt are the CA bundle file.
Anybody can help on this issue? thanks a lot.
Upvotes: 0
Views: 3862
Answers (1)
Reputation: 595
Finally, i fixed this issue
Just added "verify optional" to the end of bind *:443 ssl crt /var/crt/mycrt.pem ca-file /var/crt/myca.txt as follow
Reference: HAProxy: client side ssl certificates
Upvotes: 0
Related Questions
- curl - suppress certificate verification error text, not error itself
- Issuer certificate is invalid in self signed SSL certificate
- Self signed cert in chain from only some servers
- HAproxy: how to install an intermediate SSL certificate
- Curl command for https ( SSL )
- HAProxy 1.5-dev19 Unable to load SSL certificate
- vagrant add box laravel/homestead
- SSL: certificate not recognized after destination has changed ip address
- Get 60 error with curl -L https://get.rvm.io | bash -s