commit ssl crl-file

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Commit a temporary SSL CRL file update transaction.

Description

Changes made to a CRL file using set ssl crl-file exist in a temporary transaction until committed using commit ssl crl-file. Alternatively, they can be aborted with abort ssl crl-file.

When committing to an existing CRL file (one marked “Used” in show ssl crl-file output), the new CRLs are integrated with the existing CRLs in runtime memory. Once the temporary transaction is committed, it is destroyed.

When committing to a new CRL file (one just created with the new ssl crl-file command and which would subsequently be marked “Unused” in show ssl crl-file output), the CRL file will be inserted into memory but it won’t be used anywhere in the load balancer.

To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with add ssl crt-list. This operation changes only the CRL list in memory. To make the changes permanent, also make the changes to the CRL file on disk.

Examples

echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
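
The set-then-commit sequence above as a reusable script, added here as an illustration and not part of HAProxy's own tooling. A Runtime API payload opened with << ends at the first empty line, so a blank line inside the PEM file (for example between two concatenated CRLs) would cut the payload short; the helper strips blank lines and carriage returns and rejects files without matching CRL markers. The names crl_set_command, runtime_api, crl_update and HAPROXY_API are hypothetical.

```shell
#!/bin/sh
# Added example, not HAProxy's own tooling. The default address is the one
# used in the examples on this page; HAPROXY_API is a hypothetical override.
HAPROXY_API="${HAPROXY_API:-tcp4-connect:127.0.0.1:9999}"

# Print the "set ssl crl-file" command for CRL name $1 with PEM file $2 as
# its payload. Blank lines and CRs are removed because the first empty line
# terminates a Runtime API payload.
crl_set_command() {
    name=$1 pem=$2
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    begins=$(grep -c -- '-----BEGIN X509 CRL-----' "$pem" || true)
    ends=$(grep -c -- '-----END X509 CRL-----' "$pem" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "$pem: expected matching BEGIN/END X509 CRL markers" >&2
        return 1
    fi
    printf 'set ssl crl-file %s <<\n' "$name"
    # awk always ends each printed line with a newline, even the last one.
    awk '{ sub(/\r$/, ""); if ($0 !~ /^[ \t]*$/) print }' "$pem"
    printf '\n'   # the empty line that closes the payload
}

# Send the command read from stdin to the Runtime API and print the reply.
runtime_api() { socat stdio "$HAPROXY_API"; }

# Stage the CRL in a transaction, list CRL files for review, then commit.
# Nothing is sent if the PEM file fails the local checks.
crl_update() {
    name=$1 pem=$2
    cmd=$(crl_set_command "$name" "$pem") || return 1
    # $(...) drops trailing newlines, so restore the line end and empty line.
    printf '%s\n\n' "$cmd" | runtime_api || return 1
    echo "show ssl crl-file" | runtime_api
    echo "commit ssl crl-file $name" | runtime_api
}
```

After sourcing the file, run crl_update crlfile.pem rootCRL.pem as a user permitted to reach the Runtime API. The change is in memory only, so update the CRL file on disk as well.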
