The controller components rely on the public certificates in the respective truststore to establish trust with a given identity. Therefore, revoking trust from a client with a given public certificate amounts to removing its certificate from the respective truststore. To remove a given certificate from the truststore:
For the controller’s REST API, a CRL (Certificate Revocation List) might also be specified to allow blacklisting of certain clients. This is done by modifying the
/opt/sdn/virgo/configuration/tomcat-server.xml file to include the CRL file location in the SSL connector:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="../admin/keystore" keystorePass="skyline" crlFile="