OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • HA Proxy with self signed Certs + Verify SSL Certificate
« previous next »
  • Print
Pages: [1]

Author Topic: HA Proxy with self signed Certs + Verify SSL Certificate  (Read 2250 times)

mliebherr

  • Newbie
  • *
  • Posts: 22
  • Karma: 0
    • View Profile
HA Proxy with self signed Certs + Verify SSL Certificate
« on: August 10, 2018, 01:04:21 pm »
Hello,

my goal is to set up a reverse proxy to allow https access to my exchange server only with signed certs.

Here is my setup: https://image.ibb.co/hrpUMU/opnsense_HA_Proxy.jpg

There is an  option called: "Verify SSL Certificate" in the Real Servers TAB.

I guess this is for the communication between HA_Proxy and the Real Backend Server.

Can i enable this "Verify SSL Certificate" for the public side, too?

For my Test scenario i used HTTP as a backend to make sure i dont have some ssl mistakes here.

In a nutshell: Where can i enable "Verify SSL Certificate" on the WAN/Public side?

Thanks, Mario
Logged

mimugmail

  • Hero Member
  • *****
  • Posts: 6291
  • Karma: 432
    • View Profile
Re: HA Proxy with self signed Certs + Verify SSL Certificate
« Reply #1 on: August 10, 2018, 01:07:51 pm »
Do you need client certificate authentication so only users with client certificates can connect to HAProxy?
Logged
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

mliebherr

  • Newbie
  • *
  • Posts: 22
  • Karma: 0
    • View Profile
Re: HA Proxy with self signed Certs + Verify SSL Certificate
« Reply #2 on: August 10, 2018, 01:20:53 pm »
Yes!
Logged

mimugmail

  • Hero Member
  • *****
  • Posts: 6291
  • Karma: 432
    • View Profile
Re: HA Proxy with self signed Certs + Verify SSL Certificate
« Reply #3 on: August 10, 2018, 02:10:36 pm »
It's not (yet) possible:
https://github.com/opnsense/plugins/issues/426

You can ping the author via github ...

Logged
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • HA Proxy with self signed Certs + Verify SSL Certificate
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2