The controller components rely on the public certificates in the respective truststore to establish trust with a given identity. Therefore, revoking trust from a client with a given public certificate amounts to removing its certificate from the respective truststore. To remove a given certificate from the truststore:
For the controller’s REST API, a CRL (Certificate Revocation List) can also be specified to allow blacklisting of certain clients. This is done by modifying the /opt/sdn/virgo/configuration/tomcat-server.xml file to include the CRL file location in the SSL connector:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="../admin/keystore"
           keystorePass="skyline"
           crlFile="location_of_CRL_file"/>
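A check of the connector settings above, added here as an example and not part of the controller's own tooling: it parses a Tomcat server configuration and reports SSL connectors whose crlFile is missing, malformed (for instance a line break inside the quoted value), or points to a file that does not exist. The function name audit_connectors, the wrapper elements and the CRL path in the sample are assumptions made for the example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this section inside a minimal
# wrapper, with a hypothetical CRL path in place of the placeholder.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="../admin/keystore"
             keystorePass="skyline"
             crlFile="/path/to/example.crl"/>
</Service></Server>"""


def audit_connectors(xml_text, file_exists=os.path.isfile):
    """Return (port, finding) tuples for every SSL-enabled Connector.

    file_exists is injectable so the check can be tested offline; by default
    relative paths are checked against the current directory (an assumption).
    """
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no CRL applies
        port = conn.get("port", "?")
        crl = conn.get("crlFile")
        if crl is None:
            findings.append((port, "no crlFile attribute: no CRL is consulted"))
        elif not crl or crl != crl.strip():
            # The XML parser turns a newline inside the quotes into a space,
            # so a value broken across lines shows up as stray whitespace.
            findings.append((port, "crlFile is empty or has stray whitespace"))
        elif not file_exists(crl):
            findings.append((port, "crlFile does not exist: " + crl))
        if conn.get("clientAuth", "false").lower() == "false":
            findings.append((port, "clientAuth=false: the CRL is only consulted "
                                   "if a client certificate is requested"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print("connector %s: %s" % (port, finding))
```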