From aeb5cbdb23c93c21583f9f88bae3c8950130e4f9 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Mon, 1 Jul 2024 12:17:00 +0200 Subject: [PATCH] DOC: configuration: add details about crt-store in bind "crt" keyword Add some details about the certificate storage cache system in the "crt" bind keyword. This should be backported to 3.0. Fix issue #2618. (cherry picked from commit ba37ad41b26a6ba83581821c13426a7fbe4d2494) Signed-off-by: William Lallemand --- doc/configuration.txt | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 8a60a6ea2..c8cef147d 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15941,8 +15941,15 @@ crl-file list for every certificate of your certificate authority chain. crt - This setting is only available when support for OpenSSL was built in. It - designates a PEM file containing both the required certificates and any + This setting is only available when support for OpenSSL was built in. + + HAProxy uses a cache system, the files are loaded only once in the certificate + storage, and each next "crt" keyword will use this cached version. When the + certificate was declared in a "crt-store", the certificate storage is + populated from there and don't try to load additional files by detecting file + extensions. + + It designates a PEM file containing both the required certificates and any associated private keys. This file can be built by concatenating multiple PEM files into one (e.g. cat cert.pem key.pem > combined.pem). If your CA requires an intermediate certificate, this can also be concatenated into this
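Review bot: The new cache paragraph sits between "This setting is only available when support for OpenSSL was built in." and "It designates a PEM file ...", so "It" now reads as referring to the cache or the certificate storage rather than to the "crt" argument. Either move the cache paragraph below the description of the PEM file, or change the following sentence to start with "This setting designates a PEM file ...". In the added text, "the certificate storage is populated from there and don't try to load additional files by detecting file extensions" has no clear subject for the second verb and should use "does not", for example "the certificate storage is populated from there and HAProxy does not try to load additional files by detecting file extensions". "HAProxy uses a cache system, the files are loaded only once" is a comma splice, and "each next" would read better as "each subsequent". Since the paragraph tells operators that companion files are no longer picked up by extension once a certificate is declared in a "crt-store", it would help to say which additional files are meant or to point to the section that documents them, so that a reader who relies on that detection can tell what stops being loaded.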