HAProxy and Intermediate SSL Certificate Issue
Posted by Sam K on Server Fault
Published on 2014-08-21T14:21:46Z
We are currently experiencing an issue with verifying a Comodo SSL certificate on an Ubuntu AWS cluster. Browsers are displaying the site/content fine and showing all the relevant certificate information (at least, all the ones we've checked), but certain network proxies and the online SSL checkers are showing we have an incomplete chain.
We have tried the following to try to resolve this:
- Upgraded haproxy to the latest 1.5.3
- Created a concatenated ".pem" file containing all the certificates (site, intermediate, w/ and w/out root)
- Added an explicit "ca-file" attribute to the "bind" line in our haproxy.cfg file.
The ".pem" file verifies OK using openssl. The various intermediate and root certificates are installed and showing in /etc/ssl/certs. But the checks still come back with an incomplete chain.
Can anyone advise about anything else we can check or any other changes we can make to try to fix this?
Many thanks in advance...
UPDATE: The only relevant line from the haproxy.cfg (I believe), is this one:
bind *:443 ssl crt /etc/ssl/domainaname.com.pem
© Server Fault or respective owner