A certificate revocation list (CRL) is a list of subscribers and their certificate status. When a potential user attempts to access a server, the server denies access based on the CRL entry for that particular user.

The list contains the following items:

  • Revoked certificates and the reasons for revocation
  • Dates the certificates are issued
  • Entities that issued the certificates
  • Proposed date for the next release

Prerequisites

Verify that a CRL is available.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select System > Certificates.
  3. Click the CRLs tab.
  4. Click Import and add the CRL details.
    Option Description
    Name Assign a name to the CRL.
    Certificate Contents

    Copy all of the items in the CRL and paste them in this section.

    A sample CRL.
    -----BEGIN X509 CRL-----
    MIIBODCB4zANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
    UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
    A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw0wMTAxMTUxNjI2NTdaFw0wMTAyMTQx
    NjI2NTdaMFIwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
    MBMCAhI0Fw0wMTAxMTUxNjE5NDdaMBMCAhI1Fw0wMTAxMTUxNjIzNDZaMA0GCSqG
    SIb3DQEBBAUAA0EAHPjQ3M93QOj8Ufi+jZM7Y78TfAzG4jJn/E6MYBPFVQFYo/Gp
    UZexfjSVo5CIyySOtYscz8oO7avwBxTiMpDEQg==
    -----END X509 CRL--  
    Description Enter a summary of what is included in this CRL.
  5. Click Import.

Results

The imported CRL appears as a link.