Reference
show ssl crl-file
Available since
- HAProxy 2.5
- HAProxy Enterprise 2.5r1
Display information about CRL files.
Description Jump to heading
Display information about CRL files. If the output shows a CRL filename prefixed with an asterisk (*
), it is a transaction which is not committed yet.
If you specify a CRL filename as an argument after the crl-file
keyword, the output shows the status of the CRL file (“Used”/“Unused”) followed by details about the lists contained in the CRL file. The details displayed for every list are based on the output of openssl crl -text -noout -in <file>
.
If you specify a CRL filename with an index as in <crlfile>:<index>
, the output includes details of the certificate having the specified index. Indexes start from 1. If the index is invalid (for instance, it exceeds the number of certificates), nothing is displayed.
This command is useful for checking if a CRL file was properly updated. You can also display the details of an ongoing transaction by prefixing the filename by an asterisk.
Examples Jump to heading
nix
echo "show ssl crl-file" | \sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "show ssl crl-file" | \sudo socat stdio tcp4-connect:127.0.0.1:9999
List all CRL files:
outputtext
# transaction*crlfile.pem# filenamecrlfile.pem
outputtext
# transaction*crlfile.pem# filenamecrlfile.pem
List details for CRL file crlfile.pem
:
nix
echo "show ssl crl-file crlfile.pem" | \sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "show ssl crl-file crlfile.pem" | \sudo socat stdio tcp4-connect:127.0.0.1:9999
outputtext
Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pemStatus: UsedCertificate Revocation List #1:Version 1Signature Algorithm: sha256WithRSAEncryptionIssuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2Last Update: Apr 23 14:45:39 2021 GMTNext Update: Sep 8 14:45:39 2048 GMTRevoked Certificates:Serial Number: 1008Revocation Date: Apr 23 14:45:36 2021 GMTCertificate Revocation List #2:Version 1Signature Algorithm: sha256WithRSAEncryptionIssuer: /C=FR/O=HAProxy Technologies/CN=Root CALast Update: Apr 23 14:30:44 2021 GMTNext Update: Sep 8 14:30:44 2048 GMTNo Revoked Certificates.
outputtext
Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pemStatus: UsedCertificate Revocation List #1:Version 1Signature Algorithm: sha256WithRSAEncryptionIssuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2Last Update: Apr 23 14:45:39 2021 GMTNext Update: Sep 8 14:45:39 2048 GMTRevoked Certificates:Serial Number: 1008Revocation Date: Apr 23 14:45:36 2021 GMTCertificate Revocation List #2:Version 1Signature Algorithm: sha256WithRSAEncryptionIssuer: /C=FR/O=HAProxy Technologies/CN=Root CALast Update: Apr 23 14:30:44 2021 GMTNext Update: Sep 8 14:30:44 2048 GMTNo Revoked Certificates.
List details for the second certificate in temporary (uncommitted) CRL file crlfile.pem
.
nix
echo "show ssl crl-file *crlfile.pem:2" | \sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "show ssl crl-file *crlfile.pem:2" | \sudo socat stdio tcp4-connect:127.0.0.1:9999
outputtext
Filename: */home/barney/work/haproxy/reg-tests/ssl/crlfile.pemStatus: UnusedCertificate #2:Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136[...]
outputtext
Filename: */home/barney/work/haproxy/reg-tests/ssl/crlfile.pemStatus: UnusedCertificate #2:Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136[...]
See also Jump to heading
Do you have any suggestions on how we can improve the content of this page?