Hi all,
We have a customer who wants to protect a site with client certificates.
However the client certificates are created with two different root ca's.
If we configure one CA cert in the ca-file everything works great.
When I add the second CA, access for clients with a cert from the first ca
are allowed. Clients with certificates from the second ca are refused.
If I change the order off CA certificates it's just the other way around.
Example off our configuration:
---------------------
frontend frontend_with_ca
mode http
bind 10.11.12.13:443 ssl crt-list
/etc/haproxy/crt-list-frontend_with_ca transparent no-tlsv10 no-tlsv11
ca-file /etc/haproxy/trusted_ca.pem verify required
---------------------
Is it to possible to allow client certificates from two different root ca's
in one frontend?
We are using HA-Proxy version 1.8.12 from IUS.
Thanks in advance!
Kind regards,
Coen
