Reference

dump ssl cert

Available since

  • HAProxy 3.1
  • HAProxy Enterprise 3.1r1

Save the current state of an SSL certificate as a PEM file.

Description

Save the current state of an SSL certificate as a PEM file that you can use on the next service reload to restore the certificate.

This command is useful when an SSL certificate has been updated on the CLI but has not been saved to the filesystem. Specify the certificate file path as the argument.

You can dump not only SSL certificates currently in use in runtime memory, but also SSL certificates in transactions that have not yet been committed. To dump a certificate in a transaction, prefix the filename with an asterisk (*).

This command is restricted and can only be issued on sockets configured for level admin.

Example

  1. Call show ssl cert to view certificates loaded into the load balancer’s runtime memory or staged in uncommitted transactions:

    echo "show ssl cert" | \
    sudo socat stdio tcp4-connect:127.0.0.1:9999

    Output:

    # transaction
    */etc/hapee-3.1/certs/site.pem
    # filename
    /etc/hapee-3.1/certs/site.pem

  2. Call dump ssl cert to create the PEM file using the SSL certificate currently in use in runtime memory, redirecting the output to the desired location:

    echo "dump ssl cert /etc/hapee-3.1/certs/site.pem" | \
    sudo socat stdio tcp4-connect:127.0.0.1:9999 > /etc/hapee-3.1/ssl-certs/example.com.pem

    The data in the file will capture the current state of the certificate.

  3. Call dump ssl cert to create the PEM file using the SSL certificate in the uncommitted transaction in runtime memory, redirecting the output to the desired location. The asterisk indicates that the in-memory certificate pathname is in an uncommitted transaction.

    echo "dump ssl cert */etc/hapee-3.1/certs/site.pem" | \
    sudo socat stdio tcp4-connect:127.0.0.1:9999 > /etc/hapee-3.1/ssl-certs/example.com.pem

    The data in the file will capture the state of the uncommitted certificate.
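
The redirects in steps 2 and 3 overwrite the destination file even when the Runtime API replies with an error instead of a certificate. The shell functions below are an added example, not part of the HAProxy documentation: they write the reply to a temporary file and install it only if it looks like PEM. The names `looks_like_pem`, `save_pem_dump` and `demo` are hypothetical, and the check is a marker test, not full certificate parsing.

```shell
#!/bin/sh
# Added example, not part of the HAProxy documentation.
# A plain "> DEST" redirect truncates DEST before the Runtime API replies, so an
# error reply or a failed connection replaces the saved PEM with junk.

# looks_like_pem FILE: at least one certificate block, and BEGIN/END lines pair up.
looks_like_pem() {
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    begins=$(grep -c '^-----BEGIN [A-Z0-9 ]*-----$' "$1" || true)
    ends=$(grep -c '^-----END [A-Z0-9 ]*-----$' "$1" || true)
    [ "$certs" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# save_pem_dump DEST: read a "dump ssl cert" reply on stdin, install it at DEST
# only if it passes looks_like_pem. Returns 1 and leaves DEST untouched otherwise.
save_pem_dump() {
    dest=$1
    # Temp file beside DEST so mv is an atomic rename; mktemp creates it mode 0600.
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    cat > "$tmp"
    if looks_like_pem "$tmp"; then
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Real use (socket address and paths as on this page), from a shell that can
# write to the destination directory:
#   echo "dump ssl cert /etc/hapee-3.1/certs/site.pem" | \
#     socat stdio tcp4-connect:127.0.0.1:9999 | \
#     save_pem_dump /etc/hapee-3.1/ssl-certs/example.com.pem

# Offline demo with constructed input (placeholder body, not a real certificate).
demo() {
    dir=$(mktemp -d) || return 2
    out="$dir/example.com.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' | save_pem_dump "$out" || return 1
    before=$(cksum < "$out")
    # A constructed non-PEM reply must be rejected without touching the saved file.
    if printf 'constructed error reply\n' | save_pem_dump "$out"; then return 1; fi
    [ "$(cksum < "$out")" = "$before" ] || return 1
    rm -rf "$dir"
}

demo && echo "demo passed"
```

A non-zero return from `save_pem_dump` means the previously saved file is still in place, so a scheduled job can alert on it without risking a failed reload.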
