How to reload Certificate Revocation List (CRL) in nginx?

Question

I have set CRL file in nginx with ssl_crl directive:

ssl_crl /mypath/crl.pem

However, I noticed that adding or removing revoked certificates from crl.pem apply only when I restart or reload nginx server.

What is best practice for this? Reloading nginx configuration when crl.pem changes or something else?

score 5 · Accepted Answer · answered Nov 14 '12 at 17:41

5

Just reload nginx when you make any changes to the file. This will cause it to re-read the files without interrupting any existing connections or needing to restart. For example (RHEL/CentOS):

service nginx reload

answered Nov 14 '12 at 17:41

Michael Hampton

237,123
42
477
940

How to reload Certificate Revocation List (CRL) in nginx?

1 Answers1