show ssl ca-file
Display the list of CA files used by HAProxy Enterprise and their respective certificate counts.
Description
Display the list of CA files used by HAProxy Enterprise and their respective certificate counts. If the output shows a CA filename prefixed with an asterisk (*), that entry is a transaction that has not been committed yet.
If you specify a CA filename as an argument after the ca-file keyword, the output shows the status of the CA file ("Used"/"Unused") followed by details about all the certificates contained in the CA file. The details displayed for every certificate are the same as the ones displayed by a show ssl cert command.
If you specify a CA filename with an index as in <cafile>:<index>, the output includes details of the certificate having the specified index. Indexes start from 1. If the index is invalid (for instance, it exceeds the number of certificates), nothing is displayed.
This command is useful for checking if a CA file was properly updated. You can also display the details of an ongoing transaction by prefixing the filename with an asterisk.
Examples
List all CA files and the number of certificates in each.
$ echo "show ssl ca-file" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock

# transaction
*cafile.crt - 2 certificate(s)
# filename
cafile.crt - 1 certificate(s)
List details for all certificates in CA file cafile.crt.
$ echo "show ssl ca-file cafile.crt" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock

Filename: /home/barney/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Used
Certificate #1:
Serial: 11A4D2200DC84376E7D233CAFF39DF44BF8D1211
notBefore: Apr 1 07:40:53 2021 GMT
notAfter: Aug 17 07:40:53 2048 GMT
Subject Alternative Name:
Algorithm: RSA4096
SHA1 FingerPrint: A111EF0FEFCDE11D47FE3F33ADCA8435EBEA4864
Subject: /C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA
Issuer: /C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA
List details for the second certificate in temporary (uncommitted) CA file cafile.crt.
$ echo "show ssl ca-file *cafile.crt:2" | \
   sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock

Filename: */home/barney/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Unused
Certificate #2:
Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136
[...]
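The check this command is meant for (confirming that a CA file was properly updated), as an added example that is not part of the HAProxy Enterprise documentation: it parses the two kinds of reply shown above and reports uncommitted transactions, a status other than Used, a missing expected fingerprint, and certificates close to notAfter. The function names, the 30-day warning window and the sample strings are assumptions constructed for illustration; in practice the two texts would be the socat output of the commands above.

```python
import re
from datetime import datetime, timedelta, timezone
# Constructed sample replies, modelled on the example output on this page.
SAMPLE_LIST = """# transaction
*cafile.crt - 2 certificate(s)
# filename
cafile.crt - 1 certificate(s)
"""
SAMPLE_DETAIL = """Filename: /home/barney/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Used
Certificate #1:
Serial: 11A4D2200DC84376E7D233CAFF39DF44BF8D1211
notAfter: Aug 17 07:40:53 2048 GMT
SHA1 FingerPrint: A111EF0FEFCDE11D47FE3F33ADCA8435EBEA4864
"""

def parse_list(text):
    """'show ssl ca-file' reply -> per-file counts; a leading * means uncommitted."""
    files = {}
    for star, name, count in re.findall(r"^(\*?)(\S+) - (\d+) certificate\(s\)", text, re.M):
        files.setdefault(name, {})["pending" if star else "committed"] = int(count)
    return files

def parse_detail(text):
    """'show ssl ca-file <cafile>' reply -> (status, [fields of each certificate])."""
    status = re.search(r"^Status: (\w+)", text, re.M).group(1)
    certs = []
    for block in re.split(r"^Certificate #\d+:", text, flags=re.M)[1:]:
        fields = dict(re.findall(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", block, re.M))
        fields["notAfter"] = datetime.strptime(
            fields["notAfter"], "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
        certs.append(fields)
    return status, certs

def audit(list_text, detail_text, expected_sha1, now, warn_days=30):
    """Return findings that mean the CA update is not (or not safely) in effect."""
    findings = [f"{name}: uncommitted transaction ({n['pending']} certificate(s) pending)"
                for name, n in parse_list(list_text).items() if "pending" in n]
    status, certs = parse_detail(detail_text)
    if status != "Used":
        findings.append(f"CA file status is {status}")
    if expected_sha1 not in {c["SHA1 FingerPrint"] for c in certs}:
        findings.append(f"expected CA {expected_sha1} is not in the file")
    findings += [f"{c['Serial']}: expires {c['notAfter']:%Y-%m-%d}"
                 for c in certs if c["notAfter"] - now < timedelta(days=warn_days)]
    return findings

if __name__ == "__main__":
    sha1 = "A111EF0FEFCDE11D47FE3F33ADCA8435EBEA4864"  # fingerprint shown on this page
    print(audit(SAMPLE_LIST, SAMPLE_DETAIL, sha1, datetime.now(timezone.utc)))
```

An empty list means the committed file contains the expected CA, is in use, and has no transaction still waiting to be committed.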