vCenter does not use the configured proxy server when it needs to validate a Smartcard user's certificate

Article ID: 407056

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • A proxy server is configured to reach Internet destinations (including Smartcard certificate issuer CRL URLs).
  • vCenter does route normal Internet traffic through the proxy.
  • Attempts to reach the CRL URL of a Smartcard issuer do not use the proxy; vCenter instead tries to access that location directly.

Environment

vCenter 7.x

vCenter 8.x

Cause

The vCenter Smartcard Authentication feature does not use the proxy for CRL retrieval (certificate revocation checking).

Resolution

Work around this issue by downloading the CRL file and hosting it on a web server that is local to vCenter Server.

Then set the CRL Location property. Use this property if you deactivate Use CRL from certificate and you want to specify a location (file or HTTP URL) where the CRL is located.
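
A hosted copy goes stale as soon as the issuer publishes a newer CRL, so the local file needs a scheduled refresh. The script below is an added example (not part of this article or any VMware tooling) for the local web server: it fetches the CRL through the proxy, checks that it parses and is not about to reach its nextUpdate time, and only then replaces the served file. The URL, proxy address, paths and the one-hour threshold are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not VMware code: refresh the locally hosted CRL copy (run from cron
# on the local web server). All values below are placeholders / assumptions.
CRL_URL="${CRL_URL:-http://crl.example.com/issuing-ca.crl}"   # issuer's CRL URL
PROXY="${PROXY:-http://proxy.example.com:3128}"               # outbound proxy
DEST="${DEST:-/var/www/html/crl/issuing-ca.crl}"              # file the web server serves
MIN_VALID_SECS="${MIN_VALID_SECS:-3600}"                      # required remaining validity

# Print the CRL's nextUpdate as epoch seconds; non-zero exit if $1 is not a parseable CRL.
crl_next_update_epoch() {
    for crl_form in DER PEM; do
        if crl_line=$(openssl crl -inform "$crl_form" -in "$1" -noout -nextupdate 2>/dev/null); then
            date -u -d "${crl_line#nextUpdate=}" +%s   # GNU date
            return
        fi
    done
    return 1
}

# Succeed only if nextUpdate ($1) is at least MIN_VALID_SECS after now ($2), both epoch seconds.
crl_is_fresh() {
    [ $(( $1 - $2 )) -ge "$MIN_VALID_SECS" ]
}

# Download through the proxy, validate, then atomically replace the served file.
refresh_crl() {
    crl_tmp=$(mktemp "${DEST}.XXXXXX") || return 1
    if curl --fail --silent --show-error --proxy "$PROXY" --output "$crl_tmp" "$CRL_URL" \
        && crl_next=$(crl_next_update_epoch "$crl_tmp") \
        && crl_is_fresh "$crl_next" "$(date -u +%s)"; then
        chmod 644 "$crl_tmp" && mv -f "$crl_tmp" "$DEST"   # rename is atomic on one filesystem
    else
        rm -f "$crl_tmp"
        echo "CRL refresh failed; keeping previous copy at $DEST" >&2
        return 1
    fi
}

# Only act when invoked with the argument "run", e.g. from a cron entry.
if [ "${1:-}" = "run" ]; then refresh_crl; fi
```

Schedule it more often than the issuer's CRL publication interval and alert on a non-zero exit, since a failed refresh leaves vCenter checking against the previous copy.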


Additional Information

VCF 9.0 removes support for the Smart Card authentication method in vCenter Server. Before upgrading to VCF 9.0, an existing vCenter Server Appliance from an older version must have this authentication method disabled. The vCenter Server administrator must manually disable Smart Card authentication and ensure alternative authentication is in place. Customers can use MFA through federated authentication. For more information, see Configuring vCenter Server Identity Provider Federation.