Hi.

On 28.07.2019 at 03:13, TomK wrote:
> Hello,
>
> I'm trying to configure Haproxy w/ Keepalived to pass TLS encrypted traffic from
> the VIP to the underlying hosts which are also themselves running with TLS
> Certificates.
>
> High-level overview of the setup:
>
>
> server1:7182 ( TLS Encrypted ) 10.0.0.1
> server2:7182 ( TLS Encrypted ) 10.0.0.2
>
> srv-cluster01:7182 10.0.0.3 ( TLS Encrypted )

What's your config (keepalived and haproxy) and your haproxy version?

> Right now I have the client trying to connect to the server via an
> Haproxy/Keepalived two node cluster, however I'm getting:
>
> SSLError: certificate verify failed

This error is from the client, haproxy or from the backend server?

> Both the server is Java based and so is the Client Agent app. I've added the
> private key to the
>
> /etc/pki/ca-trust/extracted/java/jssecacerts

You should not put the private key into the keystore, only the CA which signed the certificate.

Please take a look into this post to see how to handle the CA and certificates.

https://fabianlee.org/2018/02/19/java-loading-self-signed-ca-and-san-certificates-into-a-java-keystore/

> Appears as if though the traffic is passing through however the certs aren't
> matching up.
>
> So I'm wondering if anyone could share their config that I could use as an
> example of how things should be configured in this scenario.

Well, there are a lot of search results on how to set up haproxy and keepalived; which one have you followed?

https://duckduckgo.com/?q=haproxy+keepalived

Regards
Aleks