@oweir29 wrote:
global tune.ssl.default-dh-param 2048 defaults log 127.0.0.1:514 user timeout connect 5000ms timeout client 5000ms timeout server 5000ms mode http option httplog listen reverse-proxy bind 127.0.0.1:80 acl test_acl hdr_end(host) -i wikipedia.org use_backend wikipedia if test_acl backend wikipedia server wikipedia-server 208.80.153.224:443 ssl verify required ca-file /home/test/haproxy-certificate/GlobalSignRootCA.crtFor example www.wikipedia.org , I try to export the root CA of www.wikipedia.org from Firefox but it doesn’t work and complain with one haproxy 503 page.
If I export the whole certification chain of *.wikipedia.rog it is works, but I just want to verify the root CA because root CA almost never expired.
Posts: 1
Participants: 1