HAProxy Enterprise Documentation 2.5r1

set ssl crl-file

Reset an SSL Certificate Revocation List (CRL) file with new revocation lists.

Description

Reset an SSL Certificate Revocation List (CRL) file with new CRLs. The command creates a new runtime CRL file into which the CRLs contained in the payload are stored.

The CRL file is kept in a temporary transaction until the transaction is committed with commit ssl crl-file, at which time it is stored in runtime memory. If a transaction with the same filename already exists, the previous CRL file entry is deleted and replaced by the new one.

To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with add ssl crt-list.

Optionally, you can use abort ssl crl-file to abort the transaction.

Changes to the CRL file made using the Runtime API are in memory only and not written to disk. They will therefore be lost when the proxy stops.

Examples

$ echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock

$ echo "commit ssl crl-file crlfile.pem" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock
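The set, commit and abort steps described above can be combined into one guarded update. The script below is an added example, not part of the HAProxy documentation or tooling. Its function names are hypothetical, and it assumes that a successful commit reply contains the text "Success!". It also removes blank lines from the PEM bundle before sending it, because an empty line ends the `<<` payload and would otherwise stage a truncated revocation list.

```shell
#!/bin/sh
# Added example, not HAProxy's own tooling. Usage: sh push-crl.sh crlfile.pem rootCRL.pem
SOCK=${SOCK:-/var/run/hapee-2.5/hapee-lb.sock}   # socket path from the examples above

# Print only the X509 CRL blocks of a PEM bundle, dropping CRs and blank lines.
# Exits non-zero if no CRL is found or the BEGIN/END markers are unbalanced.
clean_crl() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN X509 CRL-----$/ { if (open) bad = 1; open = 1; n++ }
        open && !/^[ \t]*$/          { print }
        /^-----END X509 CRL-----$/   { if (!open) bad = 1; open = 0 }
        END { exit (n == 0 || open || bad) }
    ' "$1"
}

# Build the command: header line, cleaned payload, then the terminating empty line.
set_crl_cmd() {
    body=$(clean_crl "$2") || return 1
    printf 'set ssl crl-file %s <<\n%s\n\n' "$1" "$body"
}

api() { sudo socat stdio "unix-connect:$SOCK"; }

# Stage the CRL, commit it, and abort the transaction if the commit does not succeed.
push_crl() {
    cmd=$(set_crl_cmd "$1" "$2") || { echo "invalid CRL bundle: $2" >&2; return 1; }
    printf '%s\n\n' "$cmd" | api
    # Assumption: a successful commit reply contains "Success!".
    if echo "commit ssl crl-file $1" | api | grep -q 'Success!'; then
        echo "committed $1 (in memory only, lost when the proxy stops)"
    else
        echo "abort ssl crl-file $1" | api
        return 1
    fi
}

if [ "$#" -eq 2 ]; then push_crl "$1" "$2"; fi
```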
