Hi,

> Below is the snapshot of strace output, 1st block showing error if
> loading ca-file from directory and 2nd block showing no error if
> loading ca-file from a file:

I think ca-file doesn't support directories, only the crt option
supports directories.

If you need to specify a CA (to authenticate SSL clients) you need
to point directly to the file.

If on the other hand you just need the CA file to send towards
the client as an intermediate certificate, so that the client can
authenticate the final certificate, just point to the directory
with the crt keyword.


Also read:
ca-file doc:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#ca-file%20%28Bind%20options%29

crt doc:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt


Since you didn't configure any verify keywords on the bind line,
I suspect you don't want to do any client SSL authentication at all
and replacing "ca-file" with "crt" on the bind line will achieve
what you need.




Regards,

Lukas
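A small check for the two conditions discussed in the reply above, as an added example that is not part of the original message or of HAProxy itself. The function names, finding codes and sample bind lines are constructed for illustration; it flags a `ca-file` that points at a directory, and a `ca-file` given without a `verify optional` or `verify required` keyword.

```python
import os
import shlex
import tempfile

def lint_bind_line(line):
    """Return finding codes for one HAProxy 'bind ... ssl' line."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "bind" or "ssl" not in tokens[1:]:
        return []
    # Record the argument following each keyword we care about.
    opts = {}
    for keyword, value in zip(tokens, tokens[1:]):
        if keyword in ("ca-file", "crt", "verify"):
            opts[keyword] = value
    findings = []
    ca = opts.get("ca-file")
    if ca is not None:
        # ca-file takes a single PEM file; only crt accepts a directory.
        if os.path.isdir(ca):
            findings.append("CA_FILE_IS_DIRECTORY")
        # Without verify optional/required no client certificate is requested.
        if opts.get("verify", "none") == "none":
            findings.append("CA_FILE_WITHOUT_VERIFY")
    return findings

def demo():
    """Lint constructed bind lines against a temporary directory layout."""
    with tempfile.TemporaryDirectory() as root:
        ca_dir = os.path.join(root, "ca")          # constructed path
        os.mkdir(ca_dir)
        ca_pem = os.path.join(ca_dir, "ca.pem")    # constructed, empty file
        open(ca_pem, "w").close()
        q = shlex.quote
        lines = [
            f"bind :443 ssl crt {q(root)} ca-file {q(ca_dir)}",
            f"bind :443 ssl crt {q(root)}",
            f"bind :443 ssl crt {q(root)} ca-file {q(ca_pem)} verify required",
            f"bind :443 ssl crt {q(root)} ca-file {q(ca_pem)}",
        ]
        return [lint_bind_line(line) for line in lines]

if __name__ == "__main__":
    for result in demo():
        print(result)
```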

                                          
