Certificate revocation list (CRL) management settings are under Optimization > SSL: CRL Management. Configure on server-side appliances.

CRLs are lists of digital certificates revoked by issuing CAs before their scheduled expiration date and which should no longer be trusted. CAs periodically issue digitally signed CRLs that users can retrieve on demand. Often, CRLs are available through CRL distribution points (CDPs). Regularly checking CRLs helps ensure the integrity of digital certificates and maintain secure online environments.

Enable polling to configure the appliance to consult CRLs when performing handshake verifications of CA certificates, and to automatically check for CRL updates.

You can enable polling for common and configured CAs (which are listed under Optimization > SSL: Certificate Authorities) and for peer CAs (the certificates of which are configured under Optimization > SSL: Secure Peering (SSL)).

You can also configure the appliance to fail handshakes if it cannot find the relevant CRL. When enabled, this applies to both types of CAs: common and peering.

When the appliance automatically discovers CRL distribution points, it adds them to the list. Expand an entry to view that CA’s CDP information, which includes the URIs of each CDP, CRL details, and access history. You can also check for updates.

You can manually override the CDP information for any CA in the discovered list. Not all CAs maintain CDPs; therefore, CAs listed here are a subset of those that appear in main certificate authorities and peering trust tables.

When the appliance automatically discovers CRLs, as distinct from discovered CDPs, it adds them to the list. You can manually select and remove list entries.