In addition to serving as a reverse proxy, HAProxy can forward client certificate to the backend. Bobcares, as a part of our Server Management Service offers solutions to every HAProxy query that comes our way.

HAProxy’s Forward Client Certificate to the Backend

HAProxy has the ability to route client requests to backend servers when working as a reverse proxy. It can also send client certificates to the backend servers. This improves the security. When a client connects to the frontend, the details about their SSL/TLS is given to the backend server that is managing the request.

In addition to carrying out authentication checks, this also enables the backend server to confirm the client’s identity. Let’s see the steps to set up the system:

1. By providing the SSL certificate and private key, we can set up HAProxy to close SSL/TLS at the frontend. This enables the client’s encrypted traffic to be decrypted by HAProxy.

2. In the HAProxy setup, we must enable the ssl and ssl_fc_sni options in order to forward the certificate to the backend.

3. Confirm that the backend server is set up to accept and handle the client certificate that has been forwarded to it. Depending on the software and programming language being used, different steps must be followed on the backend server while handling the client certificate.

By taking these actions, the backend server can receive the certificate from HAProxy. Then it is used to carry out extra authentication tests based on the client’s identity. This makes it possible to grant backend services more precise and safe access control.

[Want to learn more? Reach out to us if you have any further questions.]

Conclusion

To conclude, we offer a brief note on the steps from our Tech team to set up HAProxy to forward client certificates to the backend.