A Certificate Revocation List (CRL) is a list of digital certificates that the issuing Certificate Authority (CA) has declared revoked, published so that systems can stop trusting users who present those certificates. If the edge gateway for your vCloud Director organization virtual data center has been converted to an advanced edge gateway, you can use the vCloud Director tenant portal to add CRLs to the edge gateway.

As described in the NSX Administration Guide, the CRL contains the following items:

  • The revoked certificates and the reasons for revocation

  • The dates that the certificates are issued

  • The entities that issued the certificates

  • A proposed date for the next release

When a potential user attempts to access a server, the server allows or denies access based on the CRL entry for that particular user.

Prerequisites

To use the vCloud Director tenant portal to work with edge gateway services, the edge gateway must be converted to an advanced edge gateway. You can do this on the edge gateway in the vCloud Director Web console or from the tenant portal. For details on performing this step from the tenant portal, see Convert an Edge Gateway to an Advanced Edge Gateway.

Procedure

  1. Open Edge Gateway Services.
    1. Navigate to Networking > Edges.
    2. Select the edge gateway to edit, and click Configure Services.
  2. Click the Certificates tab.
  3. Click CRL.
  4. Provide the CRL data.
    • If the data is in a PEM file on a system you can navigate to, click the Upload button to browse to the file and select it.

    • If you can copy and paste the PEM data, paste it into the CRL (PEM format) field.

      Include the -----BEGIN X509 CRL----- and -----END X509 CRL----- lines.

  5. (Optional) Type a description.
  6. Click Keep.

Results

The CRL appears in the on-screen list.
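
A pre-upload check for step 4 of the procedure, added here as an example and not taken from VMware's documentation or tooling: it confirms that the PEM data carries the BEGIN and END X509 CRL lines, decodes the DER structure, and rejects a CRL whose proposed next-release date has already passed. The function names, the `Example CA` issuer and the sample CRL (constructed, with a dummy signature) are assumptions, and the CA signature is not verified.

```python
import base64, re
from datetime import datetime, timezone
PEM_RE = re.compile(r"-----BEGIN X509 CRL-----\s+(.*?)\s+-----END X509 CRL-----", re.S)

def sample_crl_pem():  # constructed CRL with a dummy signature, for illustration only
    def tlv(tag, body):  # minimal DER builder, short-form lengths (< 128) only
        return bytes([tag, len(body)]) + body
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
    name = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"Example CA"))))
    entry = tlv(0x30, tlv(0x02, b"\x11") + tlv(0x17, b"240115000000Z"))  # serial, revocation date
    times = tlv(0x17, b"240201000000Z") + tlv(0x17, b"240301000000Z")    # thisUpdate, nextUpdate
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + name + times + tlv(0x30, entry))
    der = tlv(0x30, tbs + alg + tlv(0x03, b"\x00\xde\xad\xbe\xef"))
    return "-----BEGIN X509 CRL-----\n%s\n-----END X509 CRL-----\n" % base64.b64encode(der).decode()

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split a constructed value into its (tag, value) elements
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def parse_time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:  # UTCTime: RFC 5280 maps YY >= 50 to 19YY, else 20YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def check_crl_pem(text, now):  # -> (this_update, next_update, revoked_count)
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("missing BEGIN/END X509 CRL lines")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    f = children(children(children(der)[0][1])[0][1])  # fields of tbsCertList
    f = f[1:] if f[0][0] == 0x02 else f                # skip the optional version
    this_update, rest = parse_time(*f[2]), f[3:]       # f[0] = algorithm, f[1] = issuer
    nxt = parse_time(*rest.pop(0)) if rest and rest[0][0] in (0x17, 0x18) else None
    revoked = len(children(rest[0][1])) if rest and rest[0][0] == 0x30 else 0
    if nxt is not None and nxt <= now:
        raise ValueError("stale CRL: nextUpdate has passed")
    return this_update, nxt, revoked
```

Call `check_crl_pem(pem_text, datetime.now(timezone.utc))` on the data you intend to paste or upload, and treat any exception as a reason not to submit it.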