Channel: HAProxy community - Latest topics

Can't connect to backend server if they are using SSL with wildcard Subject Alternative Names


For some reason I get “503 Service Unavailable” when trying to reach a backend server over 443/ssl where the target server uses wildcard SSL in their Subject Alternative Names. Here’s the full config you can test out to verify. It works when trying to reach the backend without SSL or with SSL that doesn’t use wildcards. See comments in backend sections. How can I make it work with backend sites that use wildcard SSL?

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000

frontend http-in
  bind *:80
  bind *:443 ssl crt /root/cert.pem

  default_backend app6

# this works when backend server on port 80 but fails on 443
# https://10.10.1.111/data/validatorstats.json
# cert uses wildcard
backend app1
  http-request set-header Host defier.net
  server server1 defier.net:443 ssl verify none
#  server server1 defier.net:80 check

# this works: https://10.10.1.111/document/txt/example.txt
# cert is not using wildcard
backend app2
  http-request set-header Host example-files.online-convert.com
  server server2 example-files.online-convert.com:443 ssl verify none

# this fails: https://10.10.1.111/
# cert uses wildcard
backend app3
  http-request set-header Host osmosisarchive-rpc.quickapi.com
  server server3 osmosisarchive-rpc.quickapi.com:443 ssl verify none

# this fails: https://10.10.1.111/
# cert uses wildcard
backend app4
  http-request set-header Host osmosis-rpc.polkachu.com
  server server4 osmosis-rpc.polkachu.com:443 ssl verify none

# this fails: https://10.10.1.111/sample.txt
# cert uses wildcard
backend app5
  http-request set-header Host txt2html.sourceforge.net
  server server5 txt2html.sourceforge.net:443 ssl verify none

# this works: https://10.10.1.111/
# cert is not using wildcard
backend app6
  http-request set-header Host thetestdata.com
  server server6 thetestdata.com:443 ssl verify none

2 posts - 2 participants
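
Added example, not part of the original post or of HAProxy's own tooling: a small Python check over the TLS options on `server` lines like the ones in the config above. On a `server` line HAProxy sends no SNI unless the `sni` keyword is present, `verify none` accepts any certificate, and with `verify required` the certificate names are only checked when `sni` or `verifyhost` supplies a name; the post does not establish that any of these causes the 503. The sample config, the `app7`/`app8` backends and the `ca-file` path are constructed.

```python
# Constructed sample: one server line copied from the post's style, plus a
# hardened variant and a plain-HTTP server (names and paths are placeholders).
SAMPLE = """\
backend app1
  http-request set-header Host defier.net
  server server1 defier.net:443 ssl verify none
#  server server1 defier.net:80 check
backend app7
  server server7 example.org:443 ssl sni str(example.org) verify required ca-file /etc/ssl/certs/ca-certificates.crt verifyhost example.org
backend app8
  server server8 10.0.0.5:80 check
"""

def audit_servers(config_text):
    """Return {(backend, server): [findings]} for every TLS-enabled server line."""
    findings, backend = {}, None
    for raw in config_text.splitlines():
        # Simplification: treat everything after '#' as a comment (no quoting rules).
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("backend", "listen") and len(words) > 1:
            backend = words[1]
        elif words[0] in ("frontend", "defaults", "global"):
            backend = None
        elif words[0] == "server" and len(words) >= 3 and "ssl" in words[3:]:
            opts, issues = words[3:], []
            if "sni" not in opts:
                issues.append("no-sni")            # ClientHello carries no server name
            verify = opts[opts.index("verify") + 1] if "verify" in opts[:-1] else None
            if verify == "none":
                issues.append("verify-none")       # any certificate is accepted
            elif verify == "required" and not {"sni", "verifyhost"} & set(opts):
                issues.append("no-hostname-check")  # chain checked, names ignored
            findings[(backend, words[1])] = issues
    return findings

if __name__ == "__main__":
    for (backend, server), issues in audit_servers(SAMPLE).items():
        print(f"{backend}/{server}: {', '.join(issues) or 'ok'}")
```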
