Skip to content
Last update: 2021-10-15

Certificate revocation lists

You can revoke certificates when the key or CA has been compromised, or the certificate is no longer valid for the original purpose. CAs maintain a list of revoked certificates.

The default certificate revocation list (CRL) only applies to locally-signed certificates that are created by Sophos Firewall and is automatically added to the CRL when you add a new CA.

For externally-created certificates, you must upload a CRL from the corresponding external CA.

Back to top