Skip to content

NIM doc: Secure traffic examples don’t include certificate revocation checking (CRLs) #594

New issue
New issue
Open
Bug
Open
NIM doc: Secure traffic examples don’t include certificate revocation checking (CRLs)#594
Bug
Labels
bugSomething isn't workingcustomer-feedbackcustomer-successdocumentationImprovements or additions to documentation
@travisamartin

Description

@travisamartin
travisamartin
opened on May 23, 2025

Description:

The Secure traffic guide shows how to configure SSL/TLS between NGINX Instance Manager and NGINX instances. While it includes ssl_verify on;, it omits certificate revocation checking (such as using Certificate Revocation Lists or OCSP).

This means revoked certificates—due to compromise, mis-issuance, or other reasons—may still be accepted, compromising the security of the setup.

Impact:

Users who follow the guide as written may unknowingly accept revoked certificates, creating a false sense of security.

Customer feedback

A customer rated the doc a 3/7 because of its failure to mention CRLs.

Image

Acceptance criteria:

  • Add a note that checking for revoked certificates is a recommended best practice.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingcustomer-feedbackcustomer-successdocumentationImprovements or additions to documentation

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions