Hi,
I am using HAProxy and I have crt-list configured (bind :443 ssl crt-list /etc/haproxy/crt-list.txt) to load certificates from a directory (I handle certificates of multiple domains) and I route according to the URL pattern. Everything works well as expected.
As I understand it, when the HAProxy server comes up, it will read all certificates from the directory and they will be stored in memory / cache. When new certificates need to be added or existing ones need to be modified, the API can be used. In this scenario, I am a little concerned about the performance, like when more certificates come up (I am thinking in a futuristic way, handling 10000s of certificates), how to balance load and all. Also, the crt-list file will get populated by too many entries, which becomes really hard to manage.
Could somebody kindly tell me what needs to be considered and how to address the situation?
Thanks in advance.