NIM doc: Secure traffic examples don’t include certificate revocation checking (CRLs) #594
Labels
bug
Something isn't working
customer-feedback
customer-success
documentation
Improvements or additions to documentation
Comments
travisamartin
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Description:
The Secure traffic guide shows how to configure SSL/TLS between NGINX Instance Manager and NGINX instances. While it includes
ssl_verify on;, it omits certificate revocation checking (such as using Certificate Revocation Lists or OCSP).This means revoked certificates—due to compromise, mis-issuance, or other reasons—may still be accepted, compromising the security of the setup.
Impact:
Users who follow the guide as written may unknowingly accept revoked certificates, creating a false sense of security.
Customer feedback
A customer rated the doc a 3/7 because of its failure to mention CRLs.
Acceptance criteria:
The text was updated successfully, but these errors were encountered: