Recently I changed my haproxy configuration to support Client Certificates to login in to services through the Web from outside my internal network. This will be broken down in to mutable parts so that it is easier to read.
If you have not created you Client Certificate see Part 1.
If you have not configured haproxy to accept Client Certificates see Part 2.
Creating Client CertificatesConfiguring Haproxy to accept themConfiguring Haproxy to reverse proxy to your web applications- Adding your Client Certificate to your browser
If you have gotten through everything else than this will be easy
#####Chrome
- Open Google Chrome. Open the menu at the top right corner and select Settings.
- Select Show Advanced Settings > Manage Certificates.
- Click the Import button
- The previous step should launch a browser which you can use to navigate to the directory where your client certificate file (usually a PKCS12 file with the .p12 or .pfx extension) is stored. Select the file and enter the required password. If you succeed, you should see a notification that says “Successfully restored your security certificate(s) and private key(s).” (or something to that effect. Click OK to proceed.
#####Firefox
- Launch Firefox and click the menu icon (3 horizontal lines) found in the upper-right-corner of the browser. After that, click the Preferences icon.
- Go to the Certificates tab and then click the View Certificates button.
- The previous step should have launched the Firefox Certificate Manager. Click the Your Certificates tab and then click the Import button.
- The previous step should launch a browser which you can use to navigate to the directory where your client certificate file (usually a PKCS12 file with the .p12 or .pfx extension) is stored. Select the file and enter the required password. If you succeed, you should see a notification that says “Successfully restored your security certificate(s) and private key(s).” (or something to that effect. Click OK to proceed.