CRE-2025-0121

NGINX Ingress Controller SSL Certificate FailureCritical
Impact: 10/10
Mitigation: 7/10

Critical NGINX Ingress Controller SSL certificate validation failure detected. This pattern indicates

cascading SSL failures where certificate verification errors lead to upstream connection failures

and service unavailability. The failure sequence shows SSL handshake failures, certificate verification

errors, and resulting HTTP error responses that affect client connectivity.

IMMEDIATE ACTIONS:

Check SSL certificate expiration: `openssl x509 -in cert.pem -text -noout | grep -A2 Validity`
Verify certificate chain: `openssl verify -CAfile ca-bundle.pem server.crt`
Test SSL connectivity: `openssl s_client -connect hostname:443 -servername hostname`
Check NGINX SSL configuration: `nginx -t && nginx -s reload`
Monitor SSL handshake errors in real-time: `tail -f /var/log/nginx/error.log | grep SSL`

RECOVERY STEPS:

Replace expired/invalid certificates with valid ones
Update certificate chain with proper intermediate certificates
Verify CA bundle contains trusted root certificates
Restart NGINX Ingress Controller: `kubectl rollout restart deployment/nginx-ingress-controller`
Test SSL endpoints: `curl -v https://your-domain.com/health`
Monitor certificate auto-renewal processes

PREVENTION: