OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: mliebherr on August 10, 2018, 01:04:21 pm

Title: HA Proxy with self signed Certs + Verify SSL Certificate
Post by: mliebherr on August 10, 2018, 01:04:21 pm

Hello,

my goal is to set up a reverse proxy to allow https access to my exchange server only with signed certs.

Here is my setup: https://image.ibb.co/hrpUMU/opnsense_HA_Proxy.jpg

There is an  option called: "Verify SSL Certificate" in the Real Servers TAB.

I guess this is for the communication between HA_Proxy and the Real Backend Server.

Can i enable this "Verify SSL Certificate" for the public side, too?

For my Test scenario i used HTTP as a backend to make sure i dont have some ssl mistakes here.

In a nutshell: Where can i enable "Verify SSL Certificate" on the WAN/Public side?

Thanks, Mario

Title: Re: HA Proxy with self signed Certs + Verify SSL Certificate
Post by: mimugmail on August 10, 2018, 01:07:51 pm

Do you need client certificate authentication so only users with client certificates can connect to HAProxy?

Title: Re: HA Proxy with self signed Certs + Verify SSL Certificate
Post by: mliebherr on August 10, 2018, 01:20:53 pm

Yes!

Title: Re: HA Proxy with self signed Certs + Verify SSL Certificate
Post by: mimugmail on August 10, 2018, 02:10:36 pm

It's not (yet) possible:
https://github.com/opnsense/plugins/issues/426

You can ping the author via github ...