diff --git a/doc/management.txt b/doc/management.txt
index 12d378822..91b36af3b 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -3617,7 +3617,7 @@ show ssl cert [[*][\]<filename>]
     Status: Used
     [...]
 
-show ssl crl-file [<crlfile>[:<index>]]
+show ssl crl-file [[*][\]<crlfile>[:<index>]]
   Display the list of CRL files loaded into the process. They are not used
   by any frontend or backend until their status is "Used".
   If a filename is prefixed by an asterisk, it is a transaction which is not
@@ -3630,7 +3630,8 @@ show ssl crl-file [<crlfile>[:<index>]]
   If the index is invalid (too big for instance), nothing will be displayed.
   This command can be useful to check if a CRL file was properly updated.
   You can also display the details of an ongoing transaction by prefixing the
-  filename by an asterisk.
+  filename by a '*'. If the first character of the filename is a '*', it can be
+  escaped with '\*'.
 
   Example :
 
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 869b4a2d1..7e9dd44e5 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -4191,7 +4191,7 @@ static int show_crl_detail(X509_CRL *crl, struct buffer *out)
 	return 0;
 }
 
-/* IO handler of details "show ssl crl-file <filename[:index]>".
+/* IO handler of details "show ssl crl-file [*][\]<filename[:index]>".
  * It uses show_crlfile_ctx and the global
  * crlfile_transaction.new_cafile_entry in read-only.
  */
@@ -4293,18 +4293,26 @@ static int cli_parse_show_crlfile(char **args, char *payload, struct appctx *app
 		}
 
 		if (*args[3] == '*') {
+			char *filename = args[3]+1;
+
+			if (filename[0] == '\\')
+				 filename++;
 			if (!crlfile_transaction.new_crlfile_entry)
 				goto error;
 
 			cafile_entry = crlfile_transaction.new_crlfile_entry;
 
-			if (strcmp(args[3] + 1, cafile_entry->path) != 0)
+			if (strcmp(filename, cafile_entry->path) != 0)
 				goto error;
 
 		} else {
+			char *filename = args[3];
+
+			if (filename[0] == '\\')
+				filename++;
 			/* Get the "original" cafile_entry and not the
 			 * uncommitted one if it exists. */
-			if ((cafile_entry = ssl_store_get_cafile_entry(args[3], 1)) == NULL || cafile_entry->type != CAFILE_CRL)
+			if ((cafile_entry = ssl_store_get_cafile_entry(filename, 1)) == NULL || cafile_entry->type != CAFILE_CRL)
 				goto error;
 		}