A Certificate Revocation List (CRL) is a list of digital certificates that are no longer trusted because the issuing Certificate Authority (CA) has revoked them. A digital certificate can be revoked for one of the following reasons:
CRLs prevent the use of revoked certificates and are consulted at various endpoints, including web browsers. When a browser connects to a site, it checks the identity of the site owner using the server’s digital certificate. It also verifies the validity of the digital certificate by checking that the certificate is not listed in the Certificate Revocation List. If the certificate is listed, authentication with that revoked certificate fails.
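The revocation check described above can be reproduced offline with the OpenSSL command line. This is an added example, not part of the ESA product or its documentation; the CA name, file names and temporary directory are constructed for illustration.

```bash
# Constructed demo: throwaway CA ("Demo CA"), two leaf certs, one of them revoked.
build_demo_pki() {   # prints a temp dir holding ca.pem, ca.crl, good.pem, revoked.pem
  local d; d=$(mktemp -d) || return 1
  (
    cd "$d" && mkdir newcerts && : > index.txt && echo 1000 > serial &&
    echo 1000 > crlnumber && cat > ca.cnf <<'EOF' &&
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 30 &&
    for n in good revoked; do
      openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout "$n.key" -out "$n.csr" -subj "/CN=$n.example" &&
      openssl ca -batch -config ca.cnf -notext -in "$n.csr" -out "$n.pem" || exit 1
    done &&
    openssl ca -config ca.cnf -revoke revoked.pem &&   # CA marks the cert as revoked
    openssl ca -config ca.cnf -gencrl -out ca.crl      # CA publishes the signed CRL
  ) >/dev/null 2>&1 || return 1
  echo "$d"
}
check_cert() {   # usage: check_cert CA.pem CRL.pem CERT.pem -> valid | revoked | error
  local out
  out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1) && { echo valid; return 0; }
  case $out in *"certificate revoked"*) echo revoked; return 1;; esac
  echo error; return 2   # fail closed: a missing or unusable CRL is never "valid"
}
d=$(build_demo_pki) || { echo "openssl setup failed" >&2; exit 1; }
for c in good revoked; do echo "$c.pem: $(check_cert "$d/ca.pem" "$d/ca.crl" "$d/$c.pem")"; done
```

The `error` branch matters in practice: if the CRL cannot be loaded or has passed its next-update time, the check fails rather than silently accepting the certificate.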
The Certificate Repository screen is accessible from the ESA Web UI: navigate to Settings > Network > Certificate Repository. The following figure and table provide details about the Certificate Repository screen.
Callout | Action | Description |
---|---|---|
1 | ID | ESA generated ID for the certificate and key file. |
2 | Type | Specifies the type of the file i.e. certificate, key, or CRL. |
3 | Archive time | Timestamp of when the certificate was uploaded to the Certificate Repository. |
4 | Status | This column shows the status of the certificate in the Certificate Repository, which can be: |
5 | Description | Displays the description given by the user when the certificate was uploaded to the Certificate Repository. It is recommended to provide a meaningful description when uploading a certificate. |
6 | ![]() | Allows you to delete multiple selected certificates or CRLs from the Certificate Repository. Note: Only expired certificates or CRLs can be deleted. |
7 | ![]() | Provides additional information or details about a certificate and its private key (if uploaded). |
8 | ![]() | Allows you to delete the certificate or CRL from the Certificate Repository. Note: Only expired certificates or CRLs can be deleted. |