c8d2a1133e
This sets up the CRL file to be triggered on the certmonger_user resource. Furtherly, HAProxy uses this CRL file in the member options, thus effectively enabling revocation for proxied nodes. So, if a certificate has been revoked by the CA, HAProxy will not proxy requests to it. bp tls-via-certmonger Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
7 lines
271 B
YAML
7 lines
271 B
YAML
---
|
|
security:
|
|
- If the crl_file parameter is given to the ::tripleo::haproxy resource and
|
|
TLS is enabled in the internal network, it will configure the CRL file for
|
|
all the nodes it's proxying and thus properly handle revocation of the
|
|
server certificates.
|