set ssl crl-file

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Reset an SSL Certificate Revocation List (CRL) file with new revocation lists.

Description

Reset an SSL Certificate Revocation List (CRL) file with new CRLs. The command creates a new runtime CRL file into which the CRLs contained in the payload are stored.

The CRL file is kept in a temporary transaction until the transaction is committed with commit ssl crl-file, at which time it is stored in runtime memory. If a transaction with the same filename already exists, the previous CRL file entry is deleted and replaced by the new one.

To use the CRL file and generate SSL contexts that use it, you will need to add it to a crt-list with add ssl crt-list.

Optionally, you can use abort ssl crl-file to abort the transaction.

Changes to the CRL file made using the Runtime API are in memory only and not written to disk. They will therefore be lost when the load balancer stops.

This operation, once committed, changes only the CRL file in memory. To make the changes permanent, also make the changes to the CRL file on disk.

Examples

echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999

echo "commit ssl crl-file crlfile.pem" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
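
The set-then-commit sequence above, wrapped so that a malformed CRL file is rejected locally before anything reaches the load balancer. This is an added example, not part of the HAProxy documentation; the function names `crl_payload` and `push_crl` and the `HAPROXY_API` variable are hypothetical. It relies on the Runtime API rule that a `<<` payload ends at the first empty line, so a blank line inside the PEM file would cut the CRL short.

```shell
#!/bin/sh
# Added example: stage and commit a CRL through the HAProxy Runtime API.
# HAPROXY_API (a socat address) and both function names are assumptions.
HAPROXY_API="${HAPROXY_API:-tcp4-connect:127.0.0.1:9999}"

# Print the "set ssl crl-file" command for PEM file $2 under runtime name $1.
# Blank lines and carriage returns are stripped because an empty line ends
# the payload; the file must hold only complete X509 CRL blocks.
crl_payload() {
  local name="$1" file="$2" body begins ends
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  body="$(tr -d '\r' < "$file" | sed '/^[[:space:]]*$/d')"
  begins="$(printf '%s\n' "$body" | grep -c -- '^-----BEGIN X509 CRL-----$' || true)"
  ends="$(printf '%s\n' "$body" | grep -c -- '^-----END X509 CRL-----$' || true)"
  if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
    echo "$file: no complete PEM CRL block found" >&2
    return 1
  fi
  # Command line, CRL body, then the empty line that terminates the payload.
  printf 'set ssl crl-file %s <<\n%s\n\n' "$name" "$body"
}

# Stage the CRL in a transaction, then commit it. Replies are printed for the
# operator to read; their wording is not parsed here.
push_crl() {
  local name="$1" file="$2" payload
  payload="$(crl_payload "$name" "$file")" || return 1  # nothing sent if invalid
  # $(...) dropped the terminating empty line, so add it back.
  printf '%s\n\n' "$payload" | socat stdio "$HAPROXY_API" || return 1
  printf 'commit ssl crl-file %s\n' "$name" | socat stdio "$HAPROXY_API"
}

# Usage (after sourcing this file): push_crl crlfile.pem rootCRL.pem
```

The committed CRL still exists in memory only, so the same file has to be written to disk for the change to survive a restart.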
