Hello,
Am 06.10.2017 um 15:33 schrieb Marco Corte: > > Is there a way to deny the access to some certificates without using a > certificate revocation list? > I am trying with ACLs like > > acl revoked_cert ssl_c_serial,hex 0x25 > or > acl revoked_cert ssl_c_sha1,hex 0xFC481501DB98290C5E9B22530D2CA73EB36E76C5 > I think this should be: acl revoked_cert ssl_c_sha1 -m bin FC481501DB98290C5E9B22530D2CA73EB36E76C5 According to the configuration manual: http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.1.5 Note that you do NOT prepend "0x" to the hex value and use "-m bin" for the comparison: cheers, lukas