Am 02.06.2023 um 04:13 schrieb Shawn Heisey:
@Matthias I have no idea whether crt-list can load all certs in a
directory like crt can. If it can't, then you will probably need a
script for starting/restarting haproxy that generates the cert list
file. If you wantthat script to be automatically run whenever someone
does `systemctl restart haproxy`, you could use the ExecStartPre and
ExecReloadPre options in a systemd service file to run your script.
My certificate files contain the server cert, the issuer cert, the
private key, and DH PARAMETERS that are unique to that cert.
maybe adding a global configuration parameter to enable ocsp retrieval
for all certificates?
Adding an additional script does not make sense to me. If this would be
required a keep with the current setup that proved to work fine.
Gruß
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook