Problem with load balancing web app (CyberArk's pvwas) with HAProxy over ssl


Beta member
I have some difficulties with setting up a load balancer for a web app (CyberArk's pvwas, but i'm not sure it matters). Here is my certificate and page.cfg config file info:


Subject Alternative Name:




log local0

resolvers dns

nameserver localdns x.x.x.x:53

hold valid 2s

frontend web_lb

bind ssl cert /path/to/my/cert.pem

timeout client 1h

default_backend web

backend web

balance leastconn

mode http

timeout server 1h

timeout connect 4s

server web1 check resolvers dns

server web2 check resolvers dns`

I am sure my dns settings are fine, I just can't figure out whether problem is in my certificate or on the webpage site (i can go there straight through and Haproxy service restarts fine and haproxy -f /path... -c says config file is valid. My haproxy version is 2.4.17 and I'm using CentOS 9.

I was already load balancing some apps using tcp mode and i am sure dns settings work. I also disabled requiring ssl on one server (hosting, but still couldn't load page via LB dns's name

Antonio Turner

Solid State Member
44 Mammoth Rd
It sounds like you have a valid configuration for HAProxy, but are having trouble getting the SSL certificate to work properly with the load balancer. One possible issue could be with the Subject Alternative Name (SAN) field in the certificate. The SAN field should contain the DNS names that the certificate is valid for, and in your case it appears that it is only set to "" and "". If the DNS name for the load balancer is different from these, the certificate will not be considered valid for the load balancer.
Another possible issue could be that the certificate is not being correctly located by HAProxy. You can verify the path to the certificate in the 'bind' line of the 'frontend' configuration and ensure that the certificate is present in the specified location.It could also be a problem with the dns resolution, you can try to use IP addresses instead of DNS names in the server configuration, and check if this solves the problem.
Top Bottom