Hello,
I want to use the Syncthing Discovery server behind HAproxy with ssl offloading by HAproxy. To do so I set the discovery server to http (option -http). The connection is running. But I must forward the client certificate by header X-SSL-Cert. Acc. the manual the header is required in PEM format.
This would add the client cert in der format what is not recognized by the discovery server:
http-request set-header X-SSL-Cert %{+Q}[ssl_c_der,base64]
I modified the line to create a pem file. Either nothing is in or it is in wrong format.
http-request set-header X-SSL-Cert -BEGIN\ CERTIFICATE-\ %[ssl_c_der,base64]\ -END\ CERTIFICATE-\ # don't forget last space
Connection is running. But discovery still cannot read the client cert:
no certificates: certificate decode result is empty
Any idea how to set-up the forwarding of client certificate by header correctly in OPNsense?