Reference

show ssl ca-file

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Display the list of CA files used by the load balancer and their respective certificate counts.

Description

Display the list of CA files used by the load balancer and their respective certificate counts. A CA filename prefixed with an asterisk (*) in the output denotes a transaction that has not been committed yet.

If you specify a CA filename as an argument after the ca-file keyword, the output shows the status of the CA file (“Used”/“Unused”) followed by details about all the certificates contained in the CA file. The details displayed for every certificate are the same as the ones displayed by a show ssl cert command.

If you specify a CA filename with an index as in <cafile>:<index>, the output includes details of the certificate having the specified index. Indexes start from 1. If the index is invalid (for instance, it exceeds the number of certificates), nothing is displayed.

This command is useful for checking whether a CA file was properly updated. You can also display the details of an ongoing transaction by prefixing the filename with an asterisk.

Examples

List all CA files and the number of certificates in each.

echo "show ssl ca-file" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

Output:

# transaction
*cafile.crt - 2 certificate(s)
# filename
cafile.crt - 1 certificate(s)
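
A pending transaction means the trust store the load balancer is actually using differs from the one staged for it, so it is worth checking for after a CA rotation. The following is an added example, not part of the HAProxy documentation: a shell function that reads the listing format shown above and reports CA files with an uncommitted transaction. The function names and the second CA filename in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads the listing printed by "show ssl ca-file" on stdin and
# reports every CA file that still has an uncommitted transaction.
# Exit status: 1 if at least one transaction is pending, 0 otherwise.
ca_pending_report() {
    awk '
        /^#/ || /^[ \t]*$/ { next }          # skip "# transaction" / "# filename" headers and blanks
        match($0, / - [0-9]+ certificate\(s\)$/) {
            name  = substr($0, 1, RSTART - 1)
            count = substr($0, RSTART + 3, RLENGTH - 3) + 0   # leading digits only
            if (substr(name, 1, 1) == "*") {                   # asterisk = pending transaction
                name = substr(name, 2)
                order[++k] = name
                pending[name] = count
            } else {
                committed[name] = count
            }
        }
        END {
            for (i = 1; i <= k; i++) {
                f = order[i]
                c = (f in committed) ? committed[f] : "none"
                printf "%s committed=%s pending=%d\n", f, c, pending[f]
            }
            exit (k > 0 ? 1 : 0)
        }
    '
}

# Constructed sample listing (the second CA file name is made up for illustration).
sample_listing() {
    cat <<'EOF'
# transaction
*cafile.crt - 2 certificate(s)
# filename
cafile.crt - 1 certificate(s)
clients-ca.pem - 3 certificate(s)
EOF
}

# Offline demo; against a live instance, pipe the socat command shown above instead.
sample_listing | ca_pending_report || echo "uncommitted CA transaction(s) found" >&2
```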

List details for all certificates in CA file cafile.crt.

echo "show ssl ca-file cafile.crt" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

Output:

Filename: /home/barney/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Used
Certificate #1:
Serial: 11A4D2200DC84376E7D233CAFF39DF44BF8D1211
notBefore: Apr 1 07:40:53 2021 GMT
notAfter: Aug 17 07:40:53 2048 GMT
Subject Alternative Name:
Algorithm: RSA4096
SHA1 FingerPrint: A111EF0FEFCDE11D47FE3F33ADCA8435EBEA4864
Subject: /C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA
Issuer: /C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA

List details for the second certificate in temporary (uncommitted) CA file cafile.crt.

echo "show ssl ca-file *cafile.crt:2" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

Output:

Filename: */home/barney/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Unused
Certificate #2:
Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136
[...]
