This is a follow-up question to the other thread "SSL Problem - Untrusted Connection" which has meanwhile been resolved, thanks to Lukas and Duncan. My PEM files are now working properly.
Here is what I have in the config file: frontend https-in bind :443 ssl crt /var/proxy/certs/fallback.pem crt /var/proxy/certs/domain1.pem crt /var/proxy/certs/domain2.pem use_backend ssl_backend Now, when calling https://domain1 this works from all modern platforms and browsers. But a lot customers with older equipment (i.e. most of them from within banking networks - no kidding) are reporting that their browser (IE8 on XP as an example) is warning them when visiting domain1 on SSL. As I couldn't reproduce that problem from elsewhere, I just installed XP and IE8 and bang, yes I get the same warning. What happens is that HAProxy is using the fallback certificate. When I remove that and only have this config: frontend https-in bind :443 ssl crt /var/proxy/certs/domain1.pem use_backend ssl_backend Then everything works also on older systems. I think, from that we can assume that the certificates are just fine. But something with HAProxy seems not quite right for all circumstances if there are more than one CRTs in one bind statement. If anyone needed an environment for testing and reproduction, please let me know. I can provide more infos or even access to our system if that's necessary. Thanks Jürgen
