HAProxy Enterprise Documentation 2.5r1

show ssl crl-file

Display information about CRL files.

Description

Display information about CRL files. If the output shows a CRL filename prefixed with an asterisk (*), it is a transaction which is not committed yet.

If you specify a CRL filename as an argument after the crl-file keyword, the output shows the status of the CRL file ("Used"/"Unused") followed by details about the lists contained in the CRL file. The details displayed for every list are based on the output of openssl crl -text -noout -in <file>.

If you specify a CRL filename with an index as in <crlfile>:<index>, the output includes details of the certificate having the specified index. Indexes start from 1. If the index is invalid (for instance, it exceeds the number of certificates), nothing is displayed.

This command is useful for checking if a CRL file was properly updated. You can also display the details of an ongoing transaction by prefixing the filename with an asterisk.

Examples

List all CRL files:

$ echo "show ssl crl-file" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock
# transaction
*crlfile.pem
# filename
crlfile.pem

List details for CRL file crlfile.pem:

$ echo "show ssl crl-file crlfile.pem" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock
Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used

Certificate Revocation List #1:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep  8 14:45:39 2048 GMT
Revoked Certificates:
    Serial Number: 1008
        Revocation Date: Apr 23 14:45:36 2021 GMT

Certificate Revocation List #2:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep  8 14:30:44 2048 GMT
No Revoked Certificates.

List details for the second certificate in temporary (uncommitted) CRL file crlfile.pem:

$ echo "show ssl crl-file *crlfile.pem:2" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.5/hapee-lb.sock
Filename: */home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Unused

Certificate #2:
Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136
[...]
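
One way to automate the "was the CRL file properly updated" check, as an added example that is not part of the HAProxy documentation: this Python code parses the per-file output format shown in the second example and reports an uncommitted or unused file and any list that is past its Next Update. The function names are assumptions made for this example, and the sample input is the page's own output, abridged.

```python
from datetime import datetime, timezone

# Sample input: the "show ssl crl-file crlfile.pem" output shown above, abridged.
SAMPLE = """\
Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used

Certificate Revocation List #1:
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep  8 14:45:39 2048 GMT
Revoked Certificates:
    Serial Number: 1008

Certificate Revocation List #2:
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep  8 14:30:44 2048 GMT
No Revoked Certificates.
"""

def _ts(value):  # "Sep  8 14:45:39 2048 GMT" -> timezone-aware UTC datetime
    value = " ".join(value.split())  # collapse the space-padded day
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def parse(text):
    crl = {"filename": None, "status": None, "lists": []}
    for raw in text.splitlines():
        key, _, val = raw.strip().partition(": ")
        if key.startswith("Certificate Revocation List #"):
            crl["lists"].append({"serials": []})       # a new list begins
        elif key in ("Filename", "Status"):
            crl[key.lower()] = val
        elif crl["lists"] and key == "Serial Number":
            crl["lists"][-1]["serials"].append(val)
        elif crl["lists"] and key in ("Issuer", "Last Update", "Next Update"):
            crl["lists"][-1][key] = val
    return crl

def problems(text, now):  # reasons the file gives no current revocation data at `now`
    crl, found = parse(text), []
    if crl["filename"] is None or crl["filename"].startswith("*"):
        found.append("no such file, or an uncommitted transaction")
    if crl["status"] != "Used":
        found.append("status is %r, not 'Used'" % crl["status"])
    for n, lst in enumerate(crl["lists"], 1):
        if "Next Update" not in lst or _ts(lst["Next Update"]) <= now:
            found.append("list #%d (%s) is missing or past its Next Update" % (n, lst.get("Issuer")))
    return found
```

Feed `problems()` the text captured from the runtime socket and the current UTC time; an empty list means the file is committed, in use, and every list in it is still within its validity window.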
