DOC: configuration: add the ca-file changes

Add the documentation about the directory support and @system-ca for the "ca-file" directive.
2025-01-18 19:50:54 +00:00 · 2022-04-01 23:49:11 +02:00 · 2022-04-01 23:49:11 +02:00 · 34107800dd
commit 34107800dd
parent c6b1763dcd
1 changed files with 10 additions and 2 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -13631,7 +13631,9 @@ ecdhe <named curve>
 ca-file <cafile>
  This setting is only available when support for OpenSSL was built in. It
  designates a PEM file from which to load CA certificates used to verify
-  client's certificate.
+  client's certificate. It is possible to load a directory containing multiple
+  CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
+  .crl" available in the directory.

 ca-ignore-err [all|<errorID>,...]
  This setting is only available when support for OpenSSL was built in.
@ -14418,7 +14420,13 @@ backup
 ca-file <cafile>
  This setting is only available when support for OpenSSL was built in. It
  designates a PEM file from which to load CA certificates used to verify
-  server's certificate.
+  server's certificate. It is possible to load a directory containing multiple
+  CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
+  .crl" available in the directory.
+
+  In order to use the trusted CAs of your system, the "@system-ca" parameter
+  could be used in place of the cafile. The location of this directory could be
+  overwritten by setting the SSL_CERT_DIR environment variable.

 check
  This option enables health checks on a server: