diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 7b7b132272..eb79632c06 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -82,6 +82,10 @@ parameters:
     type: string
     description: Specifies the default CA cert to use if TLS is used for
                  services in the internal network.
+  InternalTLSCRLPEMDir:
+    default: '/etc/pki/CA/crl/'
+    type: string
+    description: The directory of the CRL PEM file to be mounted.
   ConfigDebug:
     default: false
     description: Whether to run config management (e.g. Puppet) in debug mode.
@@ -162,6 +166,11 @@ outputs:
                   - - {get_param: InternalTLSCAFile}
                     - {get_param: InternalTLSCAFile}
                     - 'ro'
+              - list_join:
+                  - ':'
+                  - - {get_param: InternalTLSCRLPEMDir}
+                    - {get_param: InternalTLSCRLPEMDir}
+                    - 'ro'
             - null
       kolla_config:
         /var/lib/kolla/config_files/haproxy.json:
@@ -247,8 +256,8 @@ outputs:
                         - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro
                         - list_join:
                             - ':'
-                            - - {get_param: InternalTLSCAFile}
-                              - {get_param: InternalTLSCAFile}
+                            - - {get_param: InternalTLSCRLPEMDir}
+                              - {get_param: InternalTLSCRLPEMDir}
                               - 'ro'
                       - null
               environment: