HAProxy

HAProxy tukee tunnistamista SSL-asiakaspään varmenteella^[1]

  - support for wildcard certificates reduces the need for many certificates ;

  - certificate-based client authentication with configurable policies on
    failure to present a valid certificate. This allows to present a different
    server farm to regenerate the client certificate for example;

  - authentication of the backend server ensures the backend server is the real
    one and not a man in the middle;

  - authentication with the backend server lets the backend server know it's
    really the expected haproxy node that is connecting to it;