I have set CRL file in nginx with ssl_crl
directive:
ssl_crl /mypath/crl.pem
However, I noticed that adding or removing revoked certificates from crl.pem apply only when I restart or reload nginx server.
What is best practice for this? Reloading nginx configuration when crl.pem changes or something else?
Best Answer
Just reload nginx when you make any changes to the file. This will cause it to re-read the files without interrupting any existing connections or needing to restart. For example (RHEL/CentOS):