Error "haproxy[]: proxy horizon has no server available!" when internal TLS is activated
Hello,

I am trying to deploy an OpenStack overcloud in the Victoria version. My deploy command is:

    openstack overcloud deploy --templates -r /home/stack/templates/roles_data.yaml \
      -n /home/stack/network_data.yaml \
      -e /home/stack/templates/scheduler_hints_env.yaml \
      -e /home/stack/templates/network-isolation.yaml \
      -e /home/stack/templates/os-net-config-mapping.yaml \
      -e /home/stack/templates/node-info.yaml \
      -e /home/stack/containers-prepare-parameter.yaml \
      -e /home/stack/templates/host-map.yaml \
      -e /home/stack/templates/ips-from-pool-all.yaml \
      -e /home/stack/templates/network-environment.yaml \
      -e /home/stack/templates/net-multiple-nics-vlans.yaml \
      -e /home/stack/templates/ceph-ansible-external.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-internal-tls-certmonger.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/disable-telemetry.yaml \
      -e /home/stack/templates/tls-parameters.yaml \
      -e /home/stack/templates/inject-trust-anchor.yaml \

The generated httpd configuration for Horizon contains SSLVerifyClient, but HAProxy fails its server availability check because it does not send a client certificate when it attempts the check.

The generated configuration of the HAProxy backend is:

    server host1 ip_host1:5000 ca-file /etc/ipa/ca.crt check fall 5 inter 2000 rise 2 ssl verify required verifyhost host1
    server host2 ip_host2:5000 ca-file /etc/ipa/ca.crt check fall 5 inter 2000 rise 2 ssl verify required verifyhost host2
    server host3 ip_host3:5000 ca-file /etc/ipa/ca.crt check fall 5 inter 2000 rise 2 ssl verify required verifyhost host3

If I manually add "crt /etc/pki/tls/certs/haproxy/overcloud-haproxy-internal_api.pem" to the server configuration in haproxy.conf, Horizon/dashboard works via HAProxy. But I'm not sure that's the right way. Did I forget an environment file in the deploy configuration?

Thank you in advance for your assistance with this.

Best regards,
Souppart Alexandre
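
An added example, not part of the original post and not TripleO or HAProxy code: a Python check that lists HAProxy server lines which speak TLS to the backend but carry no "crt", the condition described above in which checks fail against an httpd that has SSLVerifyClient set. The sample configuration, section names and 192.0.2.x addresses are constructed; the function names are hypothetical.

```python
# Added example: flag HAProxy 'server' lines that use TLS but present no client cert.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
# Server keywords that consume one argument (a subset covering the lines in the post).
TAKES_ARG = {"ca-file", "crt", "verify", "verifyhost", "fall", "inter", "rise",
             "port", "addr", "sni", "weight", "cookie", "crl-file"}

# Constructed sample modelled on the backend lines quoted in the post.
SAMPLE_CFG = """\
listen horizon
  bind 192.0.2.10:443 ssl crt /etc/pki/tls/certs/haproxy/overcloud-haproxy-internal_api.pem
  server host1 192.0.2.11:5000 ca-file /etc/ipa/ca.crt check fall 5 inter 2000 rise 2 ssl verify required verifyhost host1
  server host2 192.0.2.12:5000 ca-file /etc/ipa/ca.crt check ssl verify required verifyhost host2 crt /etc/pki/tls/certs/haproxy/overcloud-haproxy-internal_api.pem
listen plain_http
  server host1 192.0.2.11:8080 check
"""

def parse_server(line):
    """Return (name, address, options) for a 'server' line, or None otherwise."""
    tok = line.split("#", 1)[0].split()          # drop trailing comments
    if len(tok) < 3 or tok[0] != "server":
        return None
    opts, i = {}, 3
    while i < len(tok):
        key = tok[i]
        if key in TAKES_ARG and i + 1 < len(tok):
            opts[key] = tok[i + 1]               # keyword followed by its value
            i += 2
        else:
            opts[key] = True                     # bare flag such as 'ssl' or 'check'
            i += 1
    return tok[1], tok[2], opts

def servers_without_client_cert(cfg_text):
    """List (section, server, address) for TLS servers that have no 'crt'.

    Limitation: a 'crt' inherited from a 'default-server' line is not considered.
    """
    findings, section = [], None
    for raw in cfg_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[1] if len(words) > 1 else words[0]
            continue
        parsed = parse_server(raw)
        if parsed and ("ssl" in parsed[2] or "check-ssl" in parsed[2]) and "crt" not in parsed[2]:
            findings.append((section, parsed[0], parsed[1]))
    return findings

if __name__ == "__main__":
    for section, name, addr in servers_without_client_cert(SAMPLE_CFG):
        print(f"{section}: server {name} ({addr}) uses TLS but has no 'crt'")
```

A server listed here only fails its check when the backend actually demands a client certificate, so compare the result with the SSLVerifyClient setting in the generated httpd vhost.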