dynamic SSL certificates: new CLI commands

William Lallemand Tue, 07 Apr 2020 01:41:27 -0700

Hello List,

The new dynamic certificates CLI commands are available in HAProxy 2.2.
To add or delete a certificate, you need to use a directory or a
crt-list on your bind line.


The new commands are:

- new ssl cert
- add ssl crt-list
- del ssl crt-list
- show ssl crt-list

And their documentation is available in the management guide:
https://github.com/haproxy/haproxy/blob/master/doc/management.txt

You can use them this way:

  $ echo "new ssl cert foobar.pem" | socat /tmp/sock1 -
  $ echo -e "set ssl cert foobar.pem <<\n$(cat foobar.pem)\n" | socat 
/tmp/sock1 -
  $ echo "commit ssl cert foobar.pem" | socat /tmp/sock1 - 
  $ echo "add ssl crt-list certlist1 foobar.pem" | socat /tmp/sock1 -

  $ echo -e 'add ssl crt-list certlist1 <<\nfoobar.pem [allow-0rtt] foo.bar.com 
!test1.com\n' | socat /tmp/sock1 -

  $ echo 'del ssl crt-list certlist1 foobpar.pem' | socat /tmp/sock1 -

This is available in haproxy 2.2, tests and feedbacks are welcome!

-- 
William Lallemand

dynamic SSL certificates: new CLI commands

Reply via email to