Import a Certificate
Revocation List
A certificate revocation list (CRL) is
a list of subscribers and their certificate status. When a potential user attempts to access
a server, the server denies access based on the CRL entry for that particular user. This
topic describes how to import a CRL into the
NSX Manager
.Verify that a CRL is
available.
NSX supports two CRL formats:
- PEM-encoded X.509 CRL - 40 MB maximum size, 500,000 entries
- Mozilla OneCRL - 5 MB maximum size, 10,000 entries
- Revoked certificates and the reasons for revocation
- Dates the certificates are issued
- Entities that issued the certificates
- Proposed date for the next release
- With admin privileges, log in toNSX Manager.
- Select .
- Click theCRLstab.
- To browse thedefault_public_crlfile, expand that row and clickView Details.You can view the Issuer Name and Serial Numbers details.
- To import a CRL, clickImportand add the CRL details.OptionDescriptionNameAssign a name to the CRL.CRL BundleBrowse for your PEM or JSON files and select the file for import.DescriptionEnter a summary of what is included in this CRL.
- ClickSave.
The imported CRL appears as a
link.