I have set CRL file in nginx with
However, I noticed that adding or removing revoked certificates from crl.pem apply only when I restart or reload nginx server.
What is best practice for this? Reloading nginx configuration when crl.pem changes or something else?
Just reload nginx when you make any changes to the file. This will cause it to re-read the files without interrupting any existing connections or needing to restart. For example (RHEL/CentOS):
service nginx reload
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.