Hi, We have an issue with a client certificate in DER (binary) encoded PKCS7 format (.p7b). The file contains the full certificate chain and the CA-file at HAproxy matches the root CA of the chain, so it should work.
However, the client connecting receives an “unknown CA” alert and HAproxy says “SSL client certificate not trusted” My strong suspicion is that HAproxy only supports PEM (text) encoded CRT format when connecting but I haven’t found a definitive source in the documentation. There are only examples using PEM so assume this is the only supported format. Can someone confirm / deny this or point me to a list of supported formats for certificates? Thanks a lot, Dominik
