To create a CRL:
In the CLI Manager, navigate to Administration > OS Console.
Run the following command to revoke a client certificate:
openssl ca -config demoCA/newcerts/openssl.cnf -revoke Client.crt -keyfile CA.key -cert CA.crt
Run the following command to generate a CRL:
openssl ca -config demoCA/newcerts/openssl.cnf -gencrl -keyfile CA.key -cert CA.crt -out Client.crl
To upload CRL:
On the ESA Web UI, navigate to Settings > Network > Certificate Repository .
Click Upload New Files.
The Upload new file to repository dialog box appears.
Click Certificate Revocation List to upload a CRL file.
Click Choose File to select a CRL file.
Enter the required description in the Description text box.
Click Upload.
A confirmation message appears and the CRL is uploaded to the ESA.