-1

HAProxy's documentation says that the ssl and verify server options enable verification of the backend server's certificate via a ca-file, but when I use Firefox to export the backend server's CA file and then use the exported CA file to verify the backend server, I get the 503 Service Unavailable prompt.
Why don't the CA file and SSL verify work?

Note that the simplest TCP-mode reverse proxy is not helpful in this case because I don't want to send the SNI information.

illiterate

1 Answer

0

Why don't the CA file and SSL verify work?
The reason is that you exported the CA file as X.509 Certificate (PEM), which is not the correct CA file.
You must use the ca-file server option with the correct CA file.
Use the browser (Firefox) to export the website certificate and save it as X.509 Certificate with chain (PEM) to get the correct CA file.
For example:

    server wikipedia-server 208.80.153.224 ssl verify required ca-file /path/to/*wikipediaorg.crt

illiterate
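Added example, not part of the question or answer above: a shell check that reproduces the leaf-only versus with-chain difference offline, using a throwaway CA and backend certificate generated on the spot. All names and paths are constructed, and `openssl verify` is used here as a stand-in for the check HAProxy performs against the ca-file (an assumption).

```shell
#!/bin/sh
# Constructed demo: does a PEM file work as a ca-file for a given backend cert?

# check_cafile <ca-file> <leaf-cert>: prints "ok" if the leaf chains to a
# trust anchor in <ca-file>, otherwise "fail".
check_cafile() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# make_demo_pki <dir>: creates a throwaway root CA, a leaf signed by it, and
# chain.pem (leaf + CA), which mimics a "PEM with chain" browser export.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -subj "/CN=backend.example" \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    cat "$d/leaf.pem" "$d/ca.pem" > "$d/chain.pem"
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo_pki "$DEMO_DIR"

# Leaf-only export (what "X.509 Certificate (PEM)" saves): no issuer in the file.
echo "leaf only as ca-file:  $(check_cafile "$DEMO_DIR/leaf.pem" "$DEMO_DIR/leaf.pem")"
# Export with chain: the issuing CA is present, so the leaf can be verified.
echo "chain as ca-file:      $(check_cafile "$DEMO_DIR/chain.pem" "$DEMO_DIR/leaf.pem")"
```

Running `check_cafile` against the real exported file and the backend's certificate before reloading HAProxy shows whether the export contains the issuing CA.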