A Certificate Revocation List (CRL) is a list of certificate serial numbers that the issuing Certificate Authority (CA) says have been revoked, so that systems can be updated not to trust users that present those revoked certificates. If the edge gateway for your vCloud Director organization virtual datacenter has been converted to an advanced edge gateway, you can use the vCloud Director tenant portal to add CRLs to the edge gateway.

As described in the NSX Administration Guide, the CRL contains the following items:

The revoked certificates and the reasons for revocation

The dates that the certificates are issued

The entities that issued the certificates

A proposed date for the next release

When a potential user attempts to access a server, the server allows or denies access based on the CRL entry for that particular user.

For the ability to use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must have already been converted to an advanced edge gateway using the Convert to Advanced Gateway action on the edge gateway in the vCloud Director Web console. See the vCloud Director Administrator's Guide for details.


Launch the tenant portal using the following steps.


Log in to the vCloud Director Web console and navigate to the edge gateway.


Right-click the name of the edge gateway and click Edge Gateway Services in the context menu.

The tenant portal opens in a new browser tab and displays the Edge Gateway screen for that edge gateway.


Click the Certificates tab.


Click + CLR.


Provide the CLR's data using one of these methods:

If the data is in a PEM file on a system you can navigate to, click the import button to browse to the file and select it.

If you can copy and paste the PEM data, paste it into the CRL (PEM format) field. Include the -----BEGIN X509 CRL----- and -----END X509 CRL----- lines.


(Optional) Type an optional description.


Click Keep.

The CRL appears in the on-screen list.