Reference

set ssl crl-file

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Reset an SSL Certificate Revocation List (CRL) file with new revocation lists.

Description Jump to heading

Reset an SSL Certificate Revocation List (CRL) file with new CRLs. The command creates a new runtime CRL file into which the CRLs contained in the payload are stored.

The CRL file is kept in a temporary transaction until the transaction is committed with commit ssl crl-file, at which time it is stored in runtime memory. If a transaction with the same filename already exists, the previous CRL file entry is deleted and replaced by the new one.

To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with add ssl crt-list.

Optionally, you can use abort ssl crl-file to abort the transaction.

Changes to the CRL file made using the Runtime API are in memory only and not written to disk. They will therefore be lost when the load balancer stops.

This operation, once committed, changes only the CRL file in memory. To make the changes permanent, also make the changes to the CRL file on disk.

Examples Jump to heading

bash
echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
bash
echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
bash
echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
bash
echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

See also Jump to heading

If this page was useful, please, Leave the feedback.