Certificate revocation lists
Certificates are revoked, for example, when the private key or CA has been compromised or the certificate is no longer valid for the original purpose. CAs maintain a list of revoked certificates.
- You can only revoke locally-signed certificates in the firewall. The firewall automatically updates the default certificate revocation list (CRL) with the revoked certificate details.
  To download a CRL, click Download for the CA you want. You can then extract the .crl file from the .tar file.
- For externally-generated certificates, you must upload a CRL from the corresponding external CA.
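The extraction step above, as an added example that is not part of the original documentation: it reads the .crl members of a downloaded .tar archive in memory, so member paths in the archive are never written to disk, and reports whether each CRL is PEM or DER encoded. The function names, the file names and the sample archive contents are constructed for illustration; the page does not state which encoding the firewall uses.

```python
import io
import tarfile

PEM_MARKER = b"-----BEGIN X509 CRL-----"


def extract_crls(archive_bytes):
    """Return {member_name: (encoding, data)} for every .crl file in a tar archive."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            # Accept regular files only; links, devices and directories are skipped.
            if not member.isfile() or not member.name.lower().endswith(".crl"):
                continue
            # Read into memory instead of extracting, so a member name such as
            # "../x.crl" cannot place a file outside the working directory.
            data = tar.extractfile(member).read()
            if data.lstrip().startswith(PEM_MARKER):
                encoding = "PEM"
            elif data[:1] == b"\x30":  # DER structures start with a SEQUENCE tag
                encoding = "DER"
            else:
                encoding = "unknown"
            found[member.name] = (encoding, data)
    return found


def build_sample_archive():
    """Constructed sample archive: placeholder bytes, not real CRLs."""
    files = {
        "Default.crl": PEM_MARKER + b"\n(constructed body)\n-----END X509 CRL-----\n",
        "Other.crl": b"\x30\x03\x02\x01\x01",  # constructed DER-looking bytes
        "readme.txt": b"not a CRL",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, (encoding, data) in extract_crls(build_sample_archive()).items():
        print(f"{name}: {encoding}, {len(data)} bytes")
```

The reported encoding tells you which input format to give a CRL parser when you check the issuer and the list of revoked serial numbers.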