commit ssl crl-file
Commit a temporary SSL CRL file update transaction.
Description
Commit a temporary SSL CRL file update transaction. Changes made to a CRL file using set ssl crl-file exist in a temporary transaction until committed using commit ssl crl-file. Alternatively, they can be aborted with abort ssl crl-file.
When committing to an existing CRL file (one marked "Used" in show ssl crl-file output), the new CRLs are integrated with the existing CRLs in runtime memory. Once the temporary transaction is committed, it is destroyed.
When committing to a new CRL file (one just created with the new ssl crl-file command and which would subsequently be marked "Unused" in show ssl crl-file output), the CRL file will be inserted into memory but it won't be used anywhere in HAProxy Enterprise.
To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with add ssl crt-list.
Examples
$ echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock
$ echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock
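The << payload used above ends at the first empty line, so a CRL bundle that contains blank lines between PEM blocks (or CRLF line endings) would be staged only in part. The following is an added example, not part of the HAProxy Enterprise documentation: the helper names build_set_crl_payload, runtime_api and update_crl are hypothetical, and the socket path is the one from the examples above. It checks and normalizes the PEM before running the set, show and commit sequence.

```shell
# Added example: helper names are hypothetical, not HAProxy Enterprise commands.
SOCK="${SOCK:-/var/run/hapee-2.7/hapee-lb.sock}"   # socket path from the page's example

# Print the Runtime API text "set ssl crl-file <name> <<" followed by the PEM payload.
# Returns non-zero if the file holds no CRL block, a non-CRL PEM block, or an
# unbalanced BEGIN/END pair, so nothing malformed is ever sent.
build_set_crl_payload() {
    local name="$1" pem="$2" body
    body="$(tr -d '\r' < "$pem" | awk '
        /^[ \t]*$/ { next }   # an empty line would terminate the payload early
        /^-----BEGIN / { if (inblk || $0 != "-----BEGIN X509 CRL-----") bad = 1; inblk = 1; n++ }
        /^-----END /   { if (!inblk || $0 != "-----END X509 CRL-----") bad = 1; inblk = 0 }
        { print }
        END { if (bad || inblk || n == 0) exit 1 }
    ')" || return 1
    # The trailing empty line is what ends the payload.
    printf 'set ssl crl-file %s <<\n%s\n\n' "$name" "$body"
}

# Send whatever arrives on stdin to the Runtime API socket.
runtime_api() { sudo socat stdio "unix-connect:$SOCK"; }

# Validate, stage, list the CRL files, then commit.
# To discard a staged update instead, send "abort ssl crl-file <name>".
update_crl() {
    local name="$1" pem="$2"
    build_set_crl_payload "$name" "$pem" > /dev/null || {
        echo "refusing to send $pem: not a clean PEM CRL bundle" >&2
        return 1
    }
    build_set_crl_payload "$name" "$pem" | runtime_api
    echo "show ssl crl-file" | runtime_api       # print the CRL file list before committing
    echo "commit ssl crl-file $name" | runtime_api
}

# Usage: update_crl crlfile.pem rootCRL.pem
```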