HAProxy Enterprise Documentation 2.3r1

show ssl cert

List certificates used on frontends. If a filename is prefixed by an asterisk in the result, it is a part of a transaction that has not yet been committed. Specify a filename to see details about a specific certificate.

Description

HAProxy Enterprise can update an SSL certificate that it loaded into memory at startup. The workflow to update a certificate is:

  1. Start a transaction that uploads the local certificate file into memory using set ssl cert.

  2. Commit the transaction to update the certificate using commit ssl cert.

Use show ssl cert to see the file before and after committing it. Pending files have an asterisk before their names.

Examples

View certificates loaded into HAProxy Enterprise's runtime memory:

$ echo "show ssl cert" | socat stdio tcp4-connect:127.0.0.1:9999

# transaction
*/etc/hapee-2.3/certs/site.pem
# filename
/etc/hapee-2.3/certs/site.pem

View a specific certificate:

$ echo "show ssl cert */etc/hapee-2.3/certs/site.pem" | socat stdio tcp4-connect:127.0.0.1:9999

Filename: */etc/hapee-2.3/certs/site.pem
Status: Unused
Serial: 1F5202E02083861B302FFA09045721F07C865EFD
notBefore: Aug 12 17:05:34 2020 GMT
notAfter: Aug 12 17:05:34 2021 GMT
Subject Alternative Name:
Algorithm: RSA2048
SHA1 FingerPrint: C2958E4ABDF89447BF0BEDEF43A1A202213B7B4C
Subject: /C=US/ST=Ohio/L=Columbus/O=Company/CN=example.local

See also

Next up

show ssl crt-list