Describes restrictions to be aware of while revoking certificates.
Disabled by default
By default, the Certificate Revocation feature is disabled. When you enable the Certificate Revocation feature for the first time, control connections to all the devices in the network flap. We recommend that you enable the feature for the first time during a maintenance window to avoid service disruption.
When you disable the Certificate Revocation feature, control connections to all the devices in the network flap. We recommend that you disable the feature during a maintenance window to avoid service disruption
Applicable only if you are using an enterprise CA to sign certificates
You can use the Certificate Revocation feature only if you are using an enterprise CA to sign certificates for hardware WAN edge certificate authorization, SD-WAN Controller certificate authorization, or WAN edge cloud certificate authorization.
Connecting to a server to retrieve a CRL
Cisco SD-WAN Manager can connect to a server to retrieve a CRL only through the VPN 0 interface.
VPN 512 support
From Cisco vManage Release 20.11.1, connections through the VPN 512 are supported.