Hi Francis, >The only extra piece you could add, if the haproxy side wanted to know >which specific client certificate was used, would be to use some of the >variables listed around http://nginx.org/r/$ssl_client_i_dn in headers >sent to the upstream. Thanks, I will probably need to pass this information to haproxy. Cheers, M.W.by WoMa - Nginx Mailing List - English
Hi Francis I solved this problem maybe not elegantly but it works. 1) Client certificate authentication is set on the nginx side and not on haproxy ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer; 2) Authentication is optional and not required ssl_verify_client optional; 3 ) In locations that require a certificate (/ polishapi and / identityserby WoMa - Nginx Mailing List - English
Hi, all I have path: request https -> nginx -> haproxy -> http application It works fine until I add client certificate authentication on haproxy. When I add client certificate authentication on haproxy I getting error on nginx: 2019/03/14 17:39:39 1090#0: *6254 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:SSL alert nuby WoMa - Nginx Mailing List - English