A certificate revocation list (CRL) is a list of subscribers and their certificate status. When a potential user attempts to access a server, the server denies access based on the CRL entry for that particular user. This topic describes how to import a CRL into the NSX Manager.
NSX supports two CRL formats:
- PEM-encoded X.509 CRL - 40 MB maximum size, 500,000 entries
- Mozilla OneCRL - 5 MB maximum size, 10,000 entries
- Revoked certificates and the reasons for revocation
- Dates the certificates are issued
- Entities that issued the certificates
- Proposed date for the next release
Prerequisites
Verify that a CRL is available.
Procedure
Results
The imported CRL appears as a link.