From: William Lallemand Date: Fri, 1 Apr 2022 21:49:11 +0000 (+0200) Subject: DOC: configuration: add the ca-file changes X-Git-Tag: v2.6-dev5~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34107800ddebc85e8cf6a1611251752f04cac8c1;p=thirdparty%2Fhaproxy.git DOC: configuration: add the ca-file changes Add the documentation about the directory support and @system-ca for the "ca-file" directive. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index cb05fef91c..e184f4e767 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -13631,7 +13631,9 @@ ecdhe ca-file This setting is only available when support for OpenSSL was built in. It designates a PEM file from which to load CA certificates used to verify - client's certificate. + client's certificate. It is possible to load a directory containing multiple + CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and + .crl" available in the directory. ca-ignore-err [all|,...] This setting is only available when support for OpenSSL was built in. @@ -14418,7 +14420,13 @@ backup ca-file This setting is only available when support for OpenSSL was built in. It designates a PEM file from which to load CA certificates used to verify - server's certificate. + server's certificate. It is possible to load a directory containing multiple + CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and + .crl" available in the directory. + + In order to use the trusted CAs of your system, the "@system-ca" parameter + could be used in place of the cafile. The location of this directory could be + overwritten by setting the SSL_CERT_DIR environment variable. check This option enables health checks on a server: