VxRail: Unable to Import vCenter Root Certificates Due to Empty or Corrupted CRL Files

When following Dell KB article VxRail: How to manually import vCenter SSL certificate on VxRail Manager to manually import vCenter server certificate, errors display when converting the .r files:

#openssl crl -outform der -in /tmp/certificates/certs/lin/e1f7261b.r1 -out newcrltfile1
unable to load CRL

OR

#cert_util_init.py script failed with error:
Failed to find a matching root CA Certificate/CRL set that could verify vCenter certificate
OR
Failed to installed vCenter certificate with Chrome, error:
The Private Key for this Client Certificate is missing or invalid OR Invalid or corrupt file

The vCenter root Certificate CRL file is empty or corrupted.

How to check if this is the issue:

1. Download and extract the latest vCenter root certificate (Download and install vCenter Server root certificates to avoid web browser certificate warnings).
2. Check if any CRL file is empty or corrupted (screenshot below):
   

Or

1. SSH to PSC and vCenter with root credential
2. Change to the directory /etc/ssl/certs.
3. Check if any .r file is 0 bytes or corrupted.

To resolve this issue:

1. If any empty or corrupted CRL file is found on the PSC and or vCenter, take OFFLINE snapshots for PSC and vCenter before proceeding.
2. Follow instructions from VMware KB article 59555 to run fix_crl.sh script (vmware-vapi-endpoint fails to start or crashes after upgrading to vCenter Server 6.5 Update 2). The script should be performed on both VCSA and PSC.
3. On vCenter, go to folder /etc/vmware-vpx/docRoot/certs.
4. If the empty (0 bytes) or corrupted CRL files still exist, DELETE the file from this directory.
5. Reboot PSC and vCenter after fix_crl.sh.
6. Reimport the vCenter root certificate to the VxRail manager.