Hi all,

We have a customer who wants to protect a site with client certificates.
However the client certificates are created with two different root ca's.

If we configure one CA cert in the ca-file everything works great.
When I add the second CA, access for clients with a cert from the first ca
are allowed. Clients with certificates from the second ca are refused.
If I change the order off CA certificates it's just the other way around.

Example off our configuration:


frontend frontend_with_ca
    mode http
    bind ssl crt-list
/etc/haproxy/crt-list-frontend_with_ca transparent no-tlsv10 no-tlsv11
ca-file /etc/haproxy/trusted_ca.pem verify required


Is it to possible to allow client certificates from two different root ca's
in one frontend?

We are using HA-Proxy version 1.8.12 from IUS.

Thanks in advance!

Kind regards,

Reply via email to