Hello Alberto I think you will want something like this.
If the client does not have an SSL Cert in their browser they will not be able to connect. http://blog.haproxy.com/2012/10/03/ssl-client-certificate-management-at-application-level/ Regards Andrew Smalley Loadbalancer.org http://www.loadbalancer.org On 12 July 2016 at 15:41, Alberto Valdes <[email protected]> wrote: > Hello everyone. I want to configure HAProxy to allow connections only from > users with a valid certificate, so the connection between the client > application and HAProxy is restricted and then the connection between > HAProxy and my backend servers is only SSL without certificate > authentication. > > So far my configuration works with Firefox, Internet Explorer, Microsoft > Edge, Chrome, Thunderbird (IMAP) and Smarthphones mail apps (IMAP). > > The problem comes when I try to use Outlook 2016 client (I also tested it > with Outlook 2010 and Outlook 2013 and I get the same problem) it just > crashes. > > This is what I did to create the certificates --> https://paste.ee/p/d4kYu > 2 <https://paste.ee/p/d4kYu> > > And this is my HAProxy configuration file --> https://paste.ee/p/Xw5Lp1 > <https://paste.ee/p/Xw5Lp> > > Did someone manage to get this working? > > I found that when using any Microsoft product (Edge, Internet Explorer, > Outlook) I get a "Connection closed during SSL handshake" error in my > HAProxy logs and then I am asked to confirm the client certificate. > > So my guess is that it fails when using Outlook because I have no way to > confirm the certificate, therefore no data is sent to finish the SSL > handshake > > I changed my "defaults" configuration and now I do not get the "Connection > closed during SSL handshake" error, but Outlook still crashes > > Thanks >
