Hi,
I experienced a strange thing in haproxy today. I use
bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl/ ciphers HIGH:!aNULL:!MD5
In /etc/haproxy/ssl/ I had 2 files
domaineA.pem
domaineB.pem
DomainA.pem was only key+cert
DomainB.pem was key+cert+intermediateCA
Note that the 2 domains and certs are different but belong to the
same provider, here rapidssl.
When asked to access domaineB over https, haproxy would not return the
intermediateCA, which in this situation makes the trust chain invalid in Chrome.
I fought a lot and then eventually looked at the other pem file and
noticed that domainA was lacking its intermediate cert. I added it and
then when I did https://domaineB, I was getting the intermediate cert
right (even though it was already in the domainB pem file and domainA is
unrelated).
So I wonder if it is normal that, although domainB.pem was good, haproxy
decided not to send the intermediate until I loaded it into domaineA.pem
as well?
Best regards,
Ghislain.
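
Added example, not part of the original message and not HAProxy code: a check that reports, for each PEM bundle in a crt directory like the one above, whether it holds a private key and more than the leaf certificate. It assumes a file with a single CERTIFICATE block carries no intermediate; the sample blocks are constructed placeholders, and it inspects PEM labels only, not issuer or subject fields.

```python
import re
from pathlib import Path

# Matches one PEM block; the END label must equal the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def audit_pem(text):
    """Summarise one bundle: private key present? how many certificates?"""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    certs = labels.count("CERTIFICATE")
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if not has_key:
        verdict = "no private key"
    elif certs == 0:
        verdict = "no certificate"
    elif certs == 1:
        verdict = "leaf only, no intermediate"
    else:
        verdict = "ok"
    return {"key": has_key, "certs": certs, "verdict": verdict}

def audit_dir(directory):
    """Audit every *.pem file in a crt directory such as /etc/haproxy/ssl/."""
    return {p.name: audit_pem(p.read_text(errors="replace"))
            for p in sorted(Path(directory).glob("*.pem"))}

def sample_block(label):
    # Constructed placeholder block: the body is not real key or certificate data.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

# Constructed samples mirroring the two files described in the post.
SAMPLES = {
    "domaineA.pem": sample_block("RSA PRIVATE KEY") + sample_block("CERTIFICATE"),
    "domaineB.pem": sample_block("PRIVATE KEY") + sample_block("CERTIFICATE") * 2,
}

def audit_samples():
    return {name: audit_pem(text) for name, text in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in audit_samples().items():
        print(f"{name}: certs={result['certs']} -> {result['verdict']}")
```

Pointing audit_dir() at the real directory before reloading the proxy lists every bundle that would be served without a chain.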