How to reload Certificate Revocation List (CRL) in nginx?

on

bmihelac asked:

I have set CRL file in nginx with ssl_crl directive:

ssl_crl /mypath/crl.pem

However, I noticed that adding or removing revoked certificates from crl.pem apply only when I restart or reload nginx server.

What is best practice for this? Reloading nginx configuration when crl.pem changes or something else?

My answer:

Just reload nginx when you make any changes to the file. This will cause it to re-read the files without interrupting any existing connections or needing to restart. For example (RHEL/CentOS):

service nginx reload

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Related Post

Nginx & Apache Cannot get try_files to work with permalinks

Can't get grub2 boot menu via COM2 port

Nginx config should I deny requests that are missing the accept header

Where to install custom apps and data following FHS

Configure Exim to work with IPv6 and G Suite

Are there good reasons not to disable /etc/init.d/network on centos-7 in favor of exclusively using NetworkManager?