A Certificate Revocation List (CRL) is a list of digital certificates that the issuing Certificate Authority (CA) claims to be revoked, so that systems can be updated not to trust users that present those revoked certificates. You can add CRLs to the edge gateway.

As described in the NSX Administration Guide, the CRL contains the following items:

  • The revoked certificates and the reasons for revocation
  • The dates that the certificates are issued
  • The entities that issued the certificates
  • A proposed date for the next release

When a potential user attempts to access a server, the server allows or denies access based on the CRL entry for that particular user.


  1. Open Edge Gateway Services.
    1. In the top navigation bar, click Networking and click Edge Gateways.
    2. Select the edge gateway that you want to edit and click Services.
  2. Click the Certificates tab.
  3. Click CRL.
  4. Provide the CRL data.
    • If the data is in a PEM file on a system you can navigate to, click the Upload button to browse to the file and select it.
    • If you can copy and paste the PEM data, paste it into the CRL (PEM format) field.

      Include the -----BEGIN X509 CRL----- and -----END X509 CRL----- lines.

  5. (Optional) Type a description.
  6. Click Keep.


The CRL appears in the on-screen list.