Hot update client certs

abhamish27 · May 27, 2020, 4:14pm

My configuration
Haproxy version - 2.1.4

global
log _log local0 debug
stats socket haproxy.sock level admin

defaults
log global
mode http
option httplog
timeout connect 10s
timeout client 30s
timeout server 30s

listen stats
bind :1936
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /

frontend website
bind :8998 ssl crt finalcert.pem
default_backend goserver

backend goserver
balance roundrobin
option httpchk GET /
server server1 127.0.0.1:8999 check maxconn 30

When I have new certificates
I tried this
echo -e “set ssl cert finalcert.pem <<\n$(cat <dir_path>/morecertificates.pem)\n” | socat stdio haproxy.sock
echo “commit ssl cert finalcert.pem” | socat stdio haproxy.sock

The morecertificates.pem = finalcert.pem+

Would the above commands add the certificate to the runtime?

abhamish27 · May 28, 2020, 3:24pm

Any reply is appreciated

lukastribus · June 1, 2020, 11:11am

Are you adding new certificates or replacing existing ones?

Please read:

https://cbonte.github.io/haproxy-dconv/2.1/management.html#set%20ssl%20cert

and

https://cbonte.github.io/haproxy-dconv/2.1/management.html#commit%20ssl%20cert

abhamish27 · June 1, 2020, 6:00pm

I am adding new certificates

lukastribus · June 3, 2020, 7:57am

You cannot do this with the functionality in 2.1.

Please see:

abhamish27 · June 3, 2020, 10:37pm

Thanks for the clarification

Topic		Replies	Views
How to hot-update TLS certificates? Help!	4	3751	December 4, 2019
Does the runtime api support adding new ssl certs? Help!	4	652	April 7, 2020
TLS cert hot-update for client cert? Help!	3	562	December 26, 2019
Hot-update client CA certificates via Runtime API Help!	2	355	August 6, 2020
Is this possible - HAProxy 2 Way SSL - Cert Auth Reverse Proxy Help!	4	5236	January 10, 2019

Hot update client certs

Related Topics