HA Proxy with self signed Certs + Verify SSL Certificate

mliebherr · August 10, 2018, 01:04:21 PM

Hello,

my goal is to set up a reverse proxy to allow https access to my exchange server only with signed certs.

Here is my setup: https://image.ibb.co/hrpUMU/opnsense_HA_Proxy.jpg

There is an option called: "Verify SSL Certificate" in the Real Servers TAB.

I guess this is for the communication between HA_Proxy and the Real Backend Server.

Can i enable this "Verify SSL Certificate" for the public side, too?

For my Test scenario i used HTTP as a backend to make sure i dont have some ssl mistakes here.

In a nutshell: Where can i enable "Verify SSL Certificate" on the WAN/Public side?

Thanks, Mario

mimugmail · August 10, 2018, 01:07:51 PM

Do you need client certificate authentication so only users with client certificates can connect to HAProxy?

mliebherr · August 10, 2018, 01:20:53 PM

Yes!

mimugmail · August 10, 2018, 02:10:36 PM

It's not (yet) possible:
https://github.com/opnsense/plugins/issues/426

You can ping the author via github ...

HA Proxy with self signed Certs + Verify SSL Certificate

mliebherr

August 10, 2018, 01:04:21 PM

mimugmail

August 10, 2018, 01:07:51 PM #1

mliebherr

August 10, 2018, 01:20:53 PM #2

mimugmail

August 10, 2018, 02:10:36 PM #3