Reference

set ssl crl-file

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Reset an SSL Certificate Revocation List (CRL) file with new revocation lists.

Description Jump to heading

Reset an SSL Certificate Revocation List (CRL) file with new CRLs. The command creates a new runtime CRL file into which the CRLs contained in the payload are stored.

The CRL file is kept in a temporary transaction until the transaction is committed with commit ssl crl-file, at which time it is stored in runtime memory. If a transaction with the same filename already exists, the previous CRL file entry is deleted and replaced by the new one.

To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with add ssl crt-list.

Optionally, you can use abort ssl crl-file to abort the transaction.

When you use the Runtime API, your changes take effect in the memory of the running load balancer, but are not stored on disk. They will therefore be lost when the load balancer stops.

This operation, once committed, changes only the CRL file in memory. To make the changes permanent, also make the changes to the CRL file on disk.

Examples Jump to heading

nix
echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

See also Jump to heading

Do you have any suggestions on how we can improve the content of this page?