Nginx – Haproxy: SSL encrypted backend with self-signed cert

Tags: haproxy, load balancing, nginx, ssl

I'm working to configure HAProxy such that it will terminate the SSL so there's only one place to configure the purchased SSL cert. However, I'd prefer that the connection to the backend servers also be encrypted with SSL.

One suggestion I found is to create self-signed certs on the backend servers and then on each server line, set "verify none". … So the connection from the browser to HAProxy would be using the official purchased SSL cert, but the connection from HAProxy to the backend servers would be using self-signed certs. The benefit of self-signed certs is that they are free, they don't require updates and maintenance (I can set the expiration far in the future and avoid having to install new ones each year). However, understandably, this opens the backends up to MITM attacks and isn't recommended by some sources that I've read.

Can I configure HAProxy so that I can use self-signed certs on the backend servers, but perhaps somehow whitelist the self-signed certificate on the HAProxy server? … so the HAProxy to backend connection would be encrypted, it would not be vulnerable to MITM attacks, and HAProxy would know to trust the self-signed certificate from the backend servers.

Is what I'm describing possible? I'm new to HAProxy SSL termination, so any advice is appreciated.

The relevant parts of my configuration are as follows:

frontend www-in
    bind *:80
    bind *:443 ssl crt /etc/ssl-keys/my-public-ssl-key.pem no-sslv3

    mode http
    default_backend https-backend
    # force redirect to https
    redirect scheme https if !{ ssl_fc }

backend https-backend
    balance leastconn
    server web1 1.1.1.1:443 check ssl verify none
    server web2 2.2.2.2:443 check ssl verify none

    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

Best Answer

The question is not really linked to HAProxy, but to managing certs and certificate authorities in general.

Not sure which OS you're using, because you didn't state this, but if it's some Linux flavor (albeit the following applies to Debian and derivatives):

  • Make sure you have the package ca-certificates installed.

  • You're creating your certs using your own certificate authority (ca).

  • Take the root cert of your CA and put it inside /usr/local/share/ca-certificates/name-of-your-ca/. (You might have to create the folder name-of-your-ca yourself.) Ensure your CA root cert has a .crt extension.

    (By default, /usr/local/share/ca-certificates/ is owned by root:staff, so use sudo or root to do this.)

  • Execute update-ca-certificates (via sudo / as root).

  • After execution, there should be a file /etc/ssl/cert/your-ca-root.pem symlinked to /usr/local/share/ca-certificates/name-of-your-ca/your-ca-root.crt.

  • Enable verification in HAProxy and profit.