HAProxy and Intermediate SSL Certificate Issue

Posted by Sam K on Server Fault See other posts from Server Fault or by Sam K
Published on 2014-08-21T14:21:46Z Indexed on 2014/08/21 16:22 UTC
Read the original article Hit count: 245

We are currently experiencing an issue with verifying a Comodo SSL certificate on an Ubuntu AWS cluster. Browsers are displaying the site/content fine and showing all the relevant certificate information (at least, all the ones we've checked), but certain network proxies and the online SSL checkers are showing we have an incomplete chain.

We have tried the following to try to resolve this:

  1. Upgraded haproxy to the latest 1.5.3
  2. Created a concatenated ".pem" file containing all the certificate (site, intermediate, w/ and w/out root)
  3. Added an explicit "ca-file" attribute to the "bind" line in our haproxy.cfg file.

The ".pem" file verifies OK using openssl. The various intermediate and root certificates are installed and showing in /etc/ssl/certs. But the checks still come back with an incomplete chain.

Can anyone advise about anything else we can check or any other changes we can make to try to fix this?

Many thanks in advance...

UPDATE: The only relevant line from the haproxy.cfg (I believe), is this one:

bind *:443 ssl crt /etc/ssl/domainaname.com.pem

© Server Fault or respective owner

Related posts about ubuntu

Related posts about ssl