A Certificate revocation list (CRL) is a list of subscribers and their certificate status. When a potential user attempts to access a server, the server denies access based on the CRL entry for that particular user.

About this task

The list contains the following items:

  • Revoked certificates and the reasons for revocation

  • Dates the certificates are issued

  • Entities that issued the certificates

  • Proposed date for the next release

Prerequisites

Verify that a CRL is available.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select System > Trust from the navigation panel.
  3. Click the CRLS tab.
  4. Click Import and add the CRL details.

    Option

    Description

    Name

    Assign a name to the CRL.

    Certificate Contents

    Copy all of the items in the CRL and paste them in this section.

    A sample CRL.

    -----BEGIN X509 CRL-----
    MIIBODCB4zANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
    UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
    A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw0wMTAxMTUxNjI2NTdaFw0wMTAyMTQx
    NjI2NTdaMFIwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
    MBMCAhI0Fw0wMTAxMTUxNjE5NDdaMBMCAhI1Fw0wMTAxMTUxNjIzNDZaMA0GCSqG
    SIb3DQEBBAUAA0EAHPjQ3M93QOj8Ufi+jZM7Y78TfAzG4jJn/E6MYBPFVQFYo/Gp
    UZexfjSVo5CIyySOtYscz8oO7avwBxTiMpDEQg==
    -----END X509 CRL--  

    Description

    Enter a summary of what is included in this CRL.

  5. Click Save.

Results

The imported CRL appears as a link.