show ssl cert
List certificates used on frontends.
Description
List certificates used on frontends.
This command is useful for confirming that a certificate was updated correctly.
If a filename is prefixed by an asterisk in the result, it is a part of a transaction that has not yet been committed. Specify a filename to see details about a specific certificate. To display details on a transaction, prefix the filename with an asterisk.
HAProxy Enterprise can update an SSL certificate that it loaded into memory at startup. The workflow to update a certificate is:
Start a transaction that uploads the local certificate file into memory using
set ssl cert.Commit the transaction to update the certificate using
commit ssl cert.
Use show ssl cert to see the file before and after committing it. Pending files have an asterisk before their names.
Examples
View certificates loaded into HAProxy Enterprise's runtime memory:
$ echo "show ssl cert" | \
sudo socat stdio unix-connect:/var/run/hapee-2.2/hapee-lb.sock# transaction
*/etc/hapee-2.2/certs/site.pem
# filename
/etc/hapee-2.2/certs/site.pemView a specific certificate:
$ echo "show ssl cert */etc/hapee-2.2/certs/site.pem" | \
sudo socat stdio unix-connect:/var/run/hapee-2.2/hapee-lb.sockFilename: */etc/hapee-2.2/certs/site.pem
Status: Unused
Serial: 1F5202E02083861B302FFA09045721F07C865EFD
notBefore: Aug 12 17:05:34 2020 GMT
notAfter: Aug 12 17:05:34 2021 GMT
Subject Alternative Name:
Algorithm: RSA2048
SHA1 FingerPrint: C2958E4ABDF89447BF0BEDEF43A1A202213B7B4C
Subject: /C=US/ST=Ohio/L=Columbus/O=Company/CN=example.localSee also
Next up
show ssl crt-list