
show ssl crl-file

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Display information about CRL files.

Description

Display information about CRL files. If the output shows a CRL filename prefixed with an asterisk (*), it is a transaction which is not committed yet.

If you specify a CRL filename as an argument after the crl-file keyword, the output shows the status of the CRL file (“Used”/“Unused”) followed by details about the lists contained in the CRL file. The details displayed for every list are based on the output of openssl crl -text -noout -in <file>.

If you specify a CRL filename with an index as in <crlfile>:<index>, the output includes details of the certificate having the specified index. Indexes start from 1. If the index is invalid (for instance, it exceeds the number of certificates), nothing is displayed.

This command is useful for checking if a CRL file was properly updated. You can also display the details of an ongoing transaction by prefixing the filename with an asterisk.

Examples

List all CRL files:

echo "show ssl crl-file" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

Output:

# transaction
*crlfile.pem
# filename
crlfile.pem

List details for CRL file crlfile.pem:

echo "show ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

Output:

Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used
Certificate Revocation List #1:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep 8 14:45:39 2048 GMT
Revoked Certificates:
Serial Number: 1008
Revocation Date: Apr 23 14:45:36 2021 GMT
Certificate Revocation List #2:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep 8 14:30:44 2048 GMT
No Revoked Certificates.

List details for the second certificate in temporary (uncommitted) CRL file crlfile.pem.

echo "show ssl crl-file *crlfile.pem:2" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

Output:

Filename: */home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Unused
Certificate #2:
Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136
[...]
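
To automate the check that a CRL file was properly updated, the details output for a CRL file can be parsed and each list's Next Update compared with the current time. The following Python code is an added example, not part of the HAProxy documentation; parse_crl_file and stale_crls are hypothetical helper names, and the parser assumes the line layout of the crlfile.pem details output shown above.

```python
from datetime import datetime, timezone

# Abridged from the crlfile.pem output on this page (Version/Signature lines dropped).
SAMPLE = """\
Filename: /home/barney/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used
Certificate Revocation List #1:
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep 8 14:45:39 2048 GMT
Revoked Certificates:
Serial Number: 1008
Revocation Date: Apr 23 14:45:36 2021 GMT
Certificate Revocation List #2:
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep 8 14:30:44 2048 GMT
No Revoked Certificates.
"""

def _ts(value):
    try:  # date format as printed above, e.g. "Sep 8 14:45:39 2048 GMT"
        return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    except ValueError:
        return None  # unparseable date: reported as stale by stale_crls()

def parse_crl_file(text):
    """Parse 'show ssl crl-file <file>' output into a dict with one entry per list."""
    info = {"crls": []}
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Filename":
            info["transaction"] = value.startswith("*")  # uncommitted transaction
            info["filename"] = value.lstrip("*")
        elif key == "Status":
            info["status"] = value
        elif key.startswith("Certificate Revocation List #"):
            info["crls"].append({"revoked": []})
        elif info["crls"] and key in ("Issuer", "Last Update", "Next Update"):
            info["crls"][-1][key] = value if key == "Issuer" else _ts(value)
        elif info["crls"] and key == "Serial Number":
            info["crls"][-1]["revoked"].append(value)
    return info

def stale_crls(info, now):
    """Issuers of lists whose Next Update is missing or earlier than timezone-aware `now`."""
    return [c.get("Issuer") for c in info["crls"]
            if not c.get("Next Update") or c["Next Update"] < now]
```

Feed parse_crl_file the text returned by the socat command shown above and pass stale_crls a timezone-aware time such as datetime.now(timezone.utc); a non-empty result, or a Status of Unused on a file you expect to be live, is worth alerting on.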
