On Sat, Aug 2, 2014 at 2:22 AM, Meyers, Donovan <[email protected]> wrote: > > Hi Conrad, > > Thanks for your excellent suggestion! > > I did a quick test and got the same results with https. I was able to > connect with no client certificate, despite my config that should require > one. > > I've moved on to other things, since it looks like I won't need this > functionality after all. But I am curious about what's going on. > > D > > > On 7/24/14 7:00 PM, "Conrad Hoffmann" <[email protected]> wrote: > >>Hey Donovan, >> >>I never used client certificates in haproxy, but have you tried the >>setup with a regular HTTP backend instead of the stats socket? That is >>something that should work and you could use to verify that your certs >>are working correctly... >> >>Cheers, >>Conrad > >
Hi Donovan, You should have find some answers here: http://blog.haproxy.com/2012/10/03/ssl-client-certificate-management-at-application-level/ If it is not a question of configuration, then it could be related to your certificates and the way you generated them. Also, is there any reason why you're not setting up SSL directly on the stats listen section? (I mean "why do you need to proxy the connection to a loopback interface) Baptiste
