How can I verify Haproxy backend HTTPS server as in browser I can?How can I make Haproxy don't send SNI field...

Can one live in the U.S. and not use a credit card?

NASA's RS-25 Engines shut down time

Could you please stop shuffling the deck and play already?

Distinction between apt-cache and dpkg -l

Accepted offer letter, position changed

If I receive an SOS signal, what is the proper response?

How many characters using PHB rules does it take to be able to have access to any PHB spell at the start of an adventuring day?

What wound would be of little consequence to a biped but terrible for a quadruped?

Can Mathematica be used to create an Artistic 3D extrusion from a 2D image and wrap a line pattern around it?

Did Carol Danvers really receive a Kree blood tranfusion?

Why would one plane in this picture not have gear down yet?

In the late 1940’s to early 1950’s what technology was available that could melt a LOT of ice?

How to detect if C code (which needs 'extern C') is compiled in C++

Should I tell my boss the work he did was worthless

Is it "Vierergruppe" or "Viergruppe", or is there a distinction?

Is it necessary to separate DC power cables and data cables?

Filtering SOQL results with optional conditionals

Latex does not go to next line

Are tamper resistant receptacles really safer?

Do f-stop and exposure time perfectly cancel?

Database Backup for data and log files

How can The Temple of Elementary Evil reliably protect itself against kinetic bombardment?

Signed and unsigned numbers

PTIJ: Should I kill my computer after installing software?



How can I verify Haproxy backend HTTPS server as in browser I can?


How can I make Haproxy don't send SNI field to backend server?Getting 502 instead of 503 when all backend servers are down running HAProxy behind ApacheSecuring using SSL multiple web servers behind a single IP addressApache Proxy - SSL Authentication failure on back end of proxy (Client side)HAProxy to redirect http to https for multiple domain names without SSL TerminationCan I use HAProxy's new 'capture' feature to save the remote address in a TCP frontend, and use it as the `X-Forwarded-For` header in an HTTP backend?How to secure HAProxy TCP stats socket? Needed for remote operationHaProxy Frontend to Backend queuing and timeoutsopenldap with haproxy - (ldap_result() failed: Can't contact LDAP server)TCP passthrough for HTTP connection with haproxyhaproxy hide backend url













-1















Haproxy's documentation says the ssl and the verify server option enable verify on backend server's certificate via one ca-file but I try to use Firefox export the backend server's CA file then use the exported CA file to verify backend server and I get the 503 Service Unavailable prompt.
Why the CA file and SSL verify doesn't work?



Note the simplest TCP mode reverse proxy not helpful in this case because I don't want to send the SNI information.






reverse-proxy haproxy







share|improve this question





























    -1















    Haproxy's documentation says the ssl and the verify server option enable verify on backend server's certificate via one ca-file but I try to use Firefox export the backend server's CA file then use the exported CA file to verify backend server and I get the 503 Service Unavailable prompt.
    Why the CA file and SSL verify doesn't work?



    Note the simplest TCP mode reverse proxy not helpful in this case because I don't want to send the SNI information.






    reverse-proxy haproxy







    share|improve this question



























      -1












      -1








      -1








      Haproxy's documentation says the ssl and the verify server option enable verify on backend server's certificate via one ca-file but I try to use Firefox export the backend server's CA file then use the exported CA file to verify backend server and I get the 503 Service Unavailable prompt.
      Why the CA file and SSL verify doesn't work?



      Note the simplest TCP mode reverse proxy not helpful in this case because I don't want to send the SNI information.






      reverse-proxy haproxy







      share|improve this question
















      Haproxy's documentation says the ssl and the verify server option enable verify on backend server's certificate via one ca-file but I try to use Firefox export the backend server's CA file then use the exported CA file to verify backend server and I get the 503 Service Unavailable prompt.
      Why the CA file and SSL verify doesn't work?



      Note the simplest TCP mode reverse proxy not helpful in this case because I don't want to send the SNI information.






      reverse-proxy haproxy




      reverse-proxy haproxy






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 9 mins ago







      illiterate

















      asked 2 days ago









      illiterateilliterate

      1305




      1305






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Why the CA file and SSL verify doesn't work?

          The reason is you export the CA file as X.509 Certificate (PEM), that is not the correct CA file.

          You must use the ca-file server option with the correct CA file.

          Use Browser(Firefox) Export website certificate save as X.509 Certificate with chain(PEM) to get the correct CA file.

          For example server wikipedia-server 208.80.153.224 ssl verify required ca-file /path/to/*wikipediaorg.crt






          share|improve this answer

























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f957488%2fhow-can-i-verify-haproxy-backend-https-server-as-in-browser-i-can%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Why the CA file and SSL verify doesn't work?

            The reason is you export the CA file as X.509 Certificate (PEM), that is not the correct CA file.

            You must use the ca-file server option with the correct CA file.

            Use Browser(Firefox) Export website certificate save as X.509 Certificate with chain(PEM) to get the correct CA file.

            For example server wikipedia-server 208.80.153.224 ssl verify required ca-file /path/to/*wikipediaorg.crt






            share|improve this answer






























              0














              Why the CA file and SSL verify doesn't work?

              The reason is you export the CA file as X.509 Certificate (PEM), that is not the correct CA file.

              You must use the ca-file server option with the correct CA file.

              Use Browser(Firefox) Export website certificate save as X.509 Certificate with chain(PEM) to get the correct CA file.

              For example server wikipedia-server 208.80.153.224 ssl verify required ca-file /path/to/*wikipediaorg.crt






              share|improve this answer




























                0












                0








                0







                Why the CA file and SSL verify doesn't work?

                The reason is you export the CA file as X.509 Certificate (PEM), that is not the correct CA file.

                You must use the ca-file server option with the correct CA file.

                Use Browser(Firefox) Export website certificate save as X.509 Certificate with chain(PEM) to get the correct CA file.

                For example server wikipedia-server 208.80.153.224 ssl verify required ca-file /path/to/*wikipediaorg.crt






                share|improve this answer















                Why the CA file and SSL verify doesn't work?

                The reason is you export the CA file as X.509 Certificate (PEM), that is not the correct CA file.

                You must use the ca-file server option with the correct CA file.

                Use Browser(Firefox) Export website certificate save as X.509 Certificate with chain(PEM) to get the correct CA file.

                For example server wikipedia-server 208.80.153.224 ssl verify required ca-file /path/to/*wikipediaorg.crt







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 13 hours ago

























                answered 20 hours ago









                illiterateilliterate

                1305




                1305






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f957488%2fhow-can-i-verify-haproxy-backend-https-server-as-in-browser-i-can%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    As a Security Precaution, the user account has been locked The Next CEO of Stack OverflowMS...

                    Image
                    Could a dragon use its wings to swim? Is it a bad idea to plug the other end of ESD strap to wall ground? How can I prove that a state of equilibrium is unstable? Compilation of a 2d array and a 1d array pgfplots: How to draw a tangent graph below two others? How dangerous is XSS Gauss' Posthumous Publications? How to implement Comparable so it is consistent with identity-equality What does this strange code stamp on my passport mean? "Eavesdropping" vs "Listen in on" Which acid/base does a strong base/acid react when added to a buffer solution?
                    Read more

                    Список ссавців Італії Природоохоронні статуси | Список |...

                    Image
                    Списки ссавцівФауна ІталіїСписки:ІталіяСсавці Італії ІталіїМСОПХижіCetartiodactylaРукокриліКомахоїдніЗайцеподібніГризуниМСОП ссавці Італії ? Італія Біорегіон Біогеографічний екорегіон Голарктика Екозона Палеарктика Біом субтропічний ліс, альпійські луки, прісні води, континентальний шельф, континентальний схил Місцевість Континент Європа Країна Італія Територія Середземне море Фауна більшого обсягу За географією фауна Європи За систематикою ссавці, фауна Італії За екологією суходільна фауна, морська фауна За біогеографією теріофауна Європи Геологічний вік сучасність Особливості Видовий обсяг 121 Чужорідні види Genetta genetta, Ondatra zibethicus, Oryctolagus cuniculus, Rattus norvegicus, Rattus rattus, Sciurus carolinensis, Tamias sibiricus Список ссавців Італії містить перелік видів, записаних на території Італії (південна Європа) згідно з
                    Read more

                    Українські прізвища Зміст Історичні відомості |...

                    Image
                    АдигськіАбхазькіАзербайджанські [en] Албанські [en] АлтайськіАмериканські [en] Афроамериканські [en] АнглійськіАрабськіБашкирськіБілоруські [en] прізвищаБолгарські [en] БоснійськіБурятськіВельські [en] ВепськіВ'єтнамські [en] Вірменські [en] Гавайські [en] ГолландськіГрецькіГрузинськіДанськіЕстонськіЄврейські [en] Юдейські [en] Ефіопія/Еритрея [en] Зімбабвійські [en] Індіанські [en] ІндійськіІндонезійські [en] Ірландські [en] ІсландськіІспанські і португальськіІталійськіКалмицькі [en] КарельськіКазахськіКамбоджійські [en] Канадські [en] КіргизькіКитайські [en] КоміКорейськіЛатиськіЛитовські [en] Лаоські [en] МарійськіМакедонські [en] Малазійські [en] Монгольські [en] МордовськіНімецькіНорвезькіОсетинськіПерські [en] ПольськіПрибалтійськіПортугальськіРосійськіпрізвищаРумунськіСербськіСкандинавськіСлов'янськіСахаСловацькі [en] Сомалійські [en] ТайванськіТайські [en] Татарські [en] ТибетськіТувинськіТурецькі [en] УгорськіУдмуртськіУкраїнськіпрізвищаФіджійські [en] ФінськіФранцузьк
                    Read more