> On 19 May 2021, at 4:05 pm, post...@ptld.com wrote: > >> Sharing private keys between two servers is an extremely bad idea IMHO > > I agree, which is why im asking for ideas to solve this correctly.
The correct solution is to NOT terminate TLS on haproxy, and do TLS
end-to-end from client to Postfix, with haproxy only handling layer 4
TCP.
--
Viktor.
