forked from pivotal-cf/docs-pcf-install
_haproxy_router_tls_forward.html.md.erb
Under **HAProxy forwards requests to Router over TLS**, select **Enable** or **Disable** based on your deployment layout.
<ul>
<li>To enable TLS-encrypted communication between HAProxy and the Gorouter:</li>
<ol>
<li>Leave **Enable** selected.</li>
<li>In the **Certificate Authority for HAProxy back end** field, provide the CA that signed the certificate you configured in the **Certificate and private key for HAProxy and Router** field.
<p class="note"><strong>Note:</strong> If you used the <strong>Generate RSA Certificate</strong> link to generate a certificate, then the CA to specify is the Ops Manager CA, which you can locate at the <code>/api/v0/certificate_authorities</code> endpoint in the Ops Manager API.</p></li>
<li>Make sure that the Gorouter and HAProxy have TLS cipher suites in common in the **TLS cipher suites for Router** and **TLS cipher suites for HAProxy** fields.</li>
</ol>
</ul>
For more information, see [Terminating SSL/TLS at the Load Balancer and Gorouter](../adminguide/securing-traffic.html#lb_and_gorouter_term), [Providing a Certificate for Your SSL/TLS Termination Point](../opsguide/security_config.html#config), and [Using the Ops Manager API](./ops-man-api.html).
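
The cipher-suite overlap check from the last step above, as an added example that is not part of the original documentation. It assumes both fields hold colon-separated lists that may mix OpenSSL and IANA (RFC) suite names; the field values are constructed samples and the function names are hypothetical.

```python
# Added example: confirm two cipher-suite field values share at least one suite.
# Comparing the raw strings misses matches when one side uses IANA names and
# the other uses OpenSSL names, so names are normalized to OpenSSL form first.

# IANA (RFC) name -> OpenSSL name for common TLS 1.2 AEAD suites.
IANA_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
}

def parse_suites(field_value):
    """Return (suites in OpenSSL form, TLS_* names this table cannot map)."""
    known, unknown = [], []
    for raw in field_value.split(":"):
        name = raw.strip()
        if not name:
            continue  # tolerate stray colons and surrounding whitespace
        if name.startswith("TLS_"):
            mapped = IANA_TO_OPENSSL.get(name)
            if mapped is None:
                unknown.append(name)  # needs a manual check, never guessed
                continue
            name = mapped
        if name not in known:
            known.append(name)
    return known, unknown

def common_suites(router_field, haproxy_field):
    """Suites both sides list, kept in the HAProxy field's order."""
    router, router_unknown = parse_suites(router_field)
    haproxy, haproxy_unknown = parse_suites(haproxy_field)
    shared = [suite for suite in haproxy if suite in router]
    return shared, router_unknown + haproxy_unknown

# Constructed sample values (not product defaults).
ROUTER_FIELD = "ECDHE-RSA-AES128-GCM-SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
HAPROXY_FIELD = "DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"

if __name__ == "__main__":
    shared, unknown = common_suites(ROUTER_FIELD, HAPROXY_FIELD)
    print("shared suites:", shared or "NONE, the TLS handshake will fail")
    if unknown:
        print("not checked (unmapped names):", unknown)
```

An empty shared list means HAProxy and the Gorouter cannot negotiate a suite, so requests forwarded over TLS fail at the handshake.
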
<ul>
<li>To use non-encrypted communication between HAProxy and the Gorouter:</li>
<ol>
<li>Select **Disable**.</li>
<li>If you are not using HAProxy, set the number of HAProxy job instances to `0` in the **Resource Config** pane. For more information, see [Disable Unused Resources](#disable-resources).</li>
</ol>
</ul>
For more information, see [Terminating SSL/TLS at the Gorouter Only](../adminguide/securing-traffic.html#gorouter_term) and [Terminating SSL/TLS at the Load Balancer Only](../adminguide/securing-traffic.html#lb_term).