show ssl crl-file
Display information about CRL files. If the output shows a CRL filename prefixed with an asterisk (*), it belongs to a transaction that has not been committed yet.
If you specify a CRL filename as an argument after the crl-file keyword, the output shows the status of the CRL file ("Used"/"Unused") followed by details about the lists contained in the CRL file. The details displayed for every list are based on the output of openssl crl -text -noout -in <file>.
If you specify a CRL filename with an index as in <crlfile>:<index>, the output includes details of the certificate having the specified index. Indexes start from 1. If the index is invalid (for instance, it exceeds the number of certificates), nothing is displayed.
This command is useful for checking whether a CRL file was properly updated. You can also display the details of an ongoing transaction by prefixing the filename with an asterisk.
List all CRL files:
$ echo "show ssl crl-file" | \
  sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock

# transaction
*crlfile.pem
# filename
crlfile.pem
List details for a CRL file:
$ echo "show ssl crl-file crlfile.pem" | \
  sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock

Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used

Certificate Revocation List #1:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep  8 14:45:39 2048 GMT
Revoked Certificates:
    Serial Number: 1008
        Revocation Date: Apr 23 14:45:36 2021 GMT

Certificate Revocation List #2:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep  8 14:30:44 2048 GMT
No Revoked Certificates.
List details for the second certificate in a temporary (uncommitted) CRL file:
$ echo "show ssl crl-file *crlfile.pem:2" | \
  sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock

Filename: */home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Unused

Certificate #2:
Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136
[...]
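A check built on this output, as an added example (not from the HAProxy documentation): the Python below parses the text returned by show ssl crl-file <name> and reports an uncommitted transaction, a status other than "Used", a CRL whose Next Update has passed, or an expected revoked serial that is missing. The function names, the finding strings and the abridged sample are assumptions made for illustration.

```python
from datetime import datetime, timezone
# Abridged from the sample output above (Version/Signature Algorithm lines dropped).
SAMPLE = """\
Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used

Certificate Revocation List #1:
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep  8 14:45:39 2048 GMT
Revoked Certificates:
    Serial Number: 1008
        Revocation Date: Apr 23 14:45:36 2021 GMT

Certificate Revocation List #2:
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep  8 14:30:44 2048 GMT
No Revoked Certificates.
"""

def parse_crl_file(text):
    """Parse 'show ssl crl-file <name>' output into a dict (hypothetical helper)."""
    info = {"filename": "", "status": "", "uncommitted": False, "crls": []}
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(": ")
        if key == "Filename":  # a leading '*' marks an uncommitted transaction
            info["filename"], info["uncommitted"] = value.lstrip("*"), value.startswith("*")
        elif key == "Status":
            info["status"] = value
        elif key.startswith("Certificate Revocation List #"):
            info["crls"].append({"next_update": None, "revoked": []})
        elif info["crls"] and key == "Next Update":  # OpenSSL pads the day: "Sep  8"
            stamp = datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y GMT")
            info["crls"][-1]["next_update"] = stamp.replace(tzinfo=timezone.utc)
        elif info["crls"] and key == "Serial Number":
            info["crls"][-1]["revoked"].append(value.upper())
    return info

def audit(info, now, expected_revoked=()):
    """Return a list of findings; an empty list means the update looks good."""
    out = ["transaction not committed"] if info["uncommitted"] else []
    out += [f"status is {info['status']}"] if info["status"] != "Used" else []
    out += ["no CRL parsed"] if not info["crls"] else []  # e.g. invalid index: empty output
    for n, crl in enumerate(info["crls"], 1):
        if crl["next_update"] is None or crl["next_update"] <= now:
            out.append(f"CRL #{n} stale")
    listed = {s for crl in info["crls"] for s in crl["revoked"]}
    return out + [f"serial {s} not revoked" for s in expected_revoked if s.upper() not in listed]
```

In use, pass the text that socat returns for the CRL file to parse_crl_file() and call audit() with datetime.now(timezone.utc) and the serials you expect to be revoked.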