Haproxy not sending files to backend server

@avnban wrote:

Hi Everyone,

I am facing an issue with Haproxy. I am trying to send cert files to Harshicorp vault through Haproxy. It works fine if I run cur directly hitting vault servers. But its failing through Haproxy.

Command: curl -vvv --request PUT --cacert rootCAcert.pem --cert clientcrt.pem --key clientkey.pem --data ‘{“name”: “rootca”}’ https://ito028711.hosts.cloud.ford.com/v1/auth/cert/login

Error

1). {“errors”:[“tls connection required”]}

2).{“errors”:[“client certificate must be supplied”]}

Verbose output:

• Hostname was NOT found in DNS cache

• Trying …

• Connected to () port 443 (#0)

• successfully set certificate verify locations:

• CAfile: rootCAcert.pem

CApath: /etc/ssl/certs/

• SSLv3, TLS Unknown, Unknown (22):

• SSLv3, TLS handshake, Client hello (1):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, Server hello (2):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, CERT (11):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, Server key exchange (12):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, Server finished (14):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, Client key exchange (16):

• SSLv2, Unknown (20):

• SSLv3, TLS change cipher, Client hello (1):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, Finished (20):

• SSLv2, Unknown (20):

• SSLv3, TLS change cipher, Client hello (1):

• SSLv2, Unknown (22):

• SSLv3, TLS handshake, Finished (20):

• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

• Server certificate:

• subject: C=US; ST=Michigan; L=Dearborn; O=; CN=

• start date: 2019-05-07 15:35:42 GMT

• expire date: 2021-05-07 15:35:42 GMT

• subjectAltName: matched

• issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2

• SSL certificate verify ok.

• SSLv2, Unknown (23):

PUT /v1/auth/cert/login HTTP/1.1

User-Agent: curl/7.37.0

Host:

Accept: /

Content-Length: 18

Content-Type: application/x-www-form-urlencoded

• upload completely sent off: 18 out of 18 bytes

• SSLv2, Unknown (23):

< HTTP/1.1 400 Bad Request

< Cache-Control: no-store

< Content-Type: application/json

< Date: Mon, 13 May 2019 19:31:32 GMT

< Content-Length: 51

<

{“errors”:[“client certificate must be supplied”]}

• Connection #0 to host left intact

I see value for Content-Length above is 550 if I hit vault server directly

Posts: 1

Participants: 1

Read full topic