Security‎ > ‎

haproxy: client side ssl certificates

posted Jul 30, 2014, 4:49 PM by Chris G   [ updated Jan 17, 2018, 4:58 PM ]
This tutorial shows you how to configure haproxy and client side ssl certificates.

This tutorial shows how to create the certificate:

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Create the Client Key and CSR

Organization & Common Name = Person name

openssl genrsa -des3 -out client.key 4096

openssl req -new -key client.key -out client.csr

# self-signed

openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Convert Client Key to PKCS so that it may be installed in most browsers.

openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

Combines client.crt and client.key into a single PEM file for programs using openssl.

openssl pkcs12 -in client.p12 -out client.pem -clcerts