Reference
commit ssl crl-file
Available since
- HAProxy 2.5
- HAProxy Enterprise 2.5r1
Commit a temporary SSL CRL file update transaction.
Description
Commit a temporary SSL CRL file update transaction. Changes made to a CRL file using `set ssl crl-file` exist in a temporary transaction until committed using `commit ssl crl-file`. Alternatively, they can be aborted with `abort ssl crl-file`.
When committing to an existing CRL file (one marked “Used” in `show ssl crl-file` output), the new CRLs are integrated with the existing CRLs in runtime memory. Once the temporary transaction is committed, it is destroyed.
When committing to a new CRL file (one just created with the `new ssl crl-file` command and which would subsequently be marked “Unused” in `show ssl crl-file` output), the CRL file will be inserted into memory but it won’t be used anywhere in the load balancer.
To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with `add ssl crt-list`. This operation changes only the CRL list in memory. To make the changes permanent, also make the changes to the CRL file on disk.
Examples
```bash
echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
```
```bash
echo "commit ssl crl-file crlfile.pem" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
```
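The set, commit and abort steps described above can be combined into one script. This is an added example, not part of the HAProxy documentation: the function names and the `HAPROXY_API` variable are hypothetical, and the socket address is the one used in the examples above. It strips blank lines from the PEM before sending, because an empty line ends a Runtime API `<<` payload.

```bash
#!/usr/bin/env bash
# Added example; crl_payload, haproxy_cmd, update_crl and HAPROXY_API are
# hypothetical names. The socket address is the one used in the examples above.
HAPROXY_API="${HAPROXY_API:-tcp4-connect:127.0.0.1:9999}"

# Print the PEM with CRs and blank lines removed. An empty line terminates a
# Runtime API "<<" payload, so a blank line inside the file would cut it short.
# Fails when the file has no CRL block or its BEGIN/END markers do not pair up.
crl_payload() {
  local begin end
  begin=$(grep -c -- '-----BEGIN X509 CRL-----' "$1" 2>/dev/null) || true
  end=$(grep -c -- '-----END X509 CRL-----' "$1" 2>/dev/null) || true
  if [ "${begin:-0}" -lt 1 ] || [ "$begin" != "$end" ]; then
    echo "refusing $1: ${begin:-0} BEGIN / ${end:-0} END X509 CRL markers" >&2
    return 1
  fi
  tr -d '\r' < "$1" | grep -v '^[[:space:]]*$'
}

# Send stdin to the Runtime API and print the reply.
haproxy_cmd() { socat stdio "$HAPROXY_API"; }

# update_crl NAME FILE [commit|abort]: stage FILE as a transaction on NAME,
# show it, then commit it (default) or abort it to leave runtime memory as is.
update_crl() {
  local name=$1 file=$2 action=${3:-commit} pem
  case $action in commit|abort) ;; *) echo "bad action: $action" >&2; return 2 ;; esac
  pem=$(crl_payload "$file") || return 1   # nothing is sent for a bad file
  printf 'set ssl crl-file %s <<\n%s\n\n' "$name" "$pem" | haproxy_cmd || return 1
  echo "show ssl crl-file" | haproxy_cmd
  echo "$action ssl crl-file $name" | haproxy_cmd || return 1
  echo "show ssl crl-file" | haproxy_cmd
}

# Run only when called with arguments, e.g.: ./update-crl.sh crlfile.pem rootCRL.pem
if [ "$#" -ge 2 ]; then update_crl "$@"; fi
```

Passing `abort` as the third argument stages the CRL and then discards the transaction. The script changes runtime memory only; the CRL file on disk still has to be updated separately.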