From: William Lallemand Date: Mon, 1 Jul 2024 10:17:00 +0000 (+0200) Subject: DOC: configuration: add details about crt-store in bind "crt" keyword X-Git-Tag: v3.1-dev3~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba37ad41b26a6ba83581821c13426a7fbe4d2494;p=thirdparty%2Fhaproxy.git DOC: configuration: add details about crt-store in bind "crt" keyword Add some details about the certificate storage cache system in the "crt" bind keyword. This should be backported to 3.0. Fix issue #2618. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 01b078abc8..76a5df0624 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15945,8 +15945,15 @@ crl-file list for every certificate of your certificate authority chain. crt - This setting is only available when support for OpenSSL was built in. It - designates a PEM file containing both the required certificates and any + This setting is only available when support for OpenSSL was built in. + + HAProxy uses a cache system, the files are loaded only once in the certificate + storage, and each next "crt" keyword will use this cached version. When the + certificate was declared in a "crt-store", the certificate storage is + populated from there and don't try to load additional files by detecting file + extensions. + + It designates a PEM file containing both the required certificates and any associated private keys. This file can be built by concatenating multiple PEM files into one (e.g. cat cert.pem key.pem > combined.pem). If your CA requires an intermediate certificate, this can also be concatenated into this