Am 28.07.2019 um 03:13 schrieb TomK:
> Hello,
> I'm trying to configure Haproxy w/ Keepalived to pass TLS encrypted traffic 
> from
> the VIP to the underlying hosts which are also themselves running with TLS
> Certificates.
> Highlevel overview of the setup:
> server1:7182  ( TLS Encrypted )
> server2:7182  ( TLS Encrypted )
> srv-cluster01:7182    ( TLS Encrypted )

What's your config (keepalived and haproxy) and your haproxy version?

> Right now I have the client trying to connect to the server via an
> Haproxy/Keepalived two node cluster, however I'm getting:
> SSLError: certificate verify failed

This error is from the client, haproxy or from the backend server?

> Both the server is Java based and so is the Client Agent app.  I've added the
> private key to the
> /etc/pki/ca-trust/extracted/java/jssecacerts

You should not put the private key into the keystore only the CA which singed
the certificate.

Please take a look into this post to see how to handle the CA and certificates.


> Appears as if though the traffic is passing through however the certs aren't
> matching up.
> So I'm wondering if anyone could share their config that I could use as an
> example of how things should be configured in this scenario.

Well there are a lot search results how to setup haproxy and keepalived which
one have you followed?



Reply via email to