Configuring system settings : Managing certificates : Managing the certificate revocation list
Managing the certificate revocation list
The Certificate Revocation List tab lets you view and import certificate revocation lists.
To ensure that your FortiMail unit validates only valid (not revoked) certificates, you should periodically upload a current certificate revocation list, which may be provided by certificate authorities (CA). Alternatively, you can use online certificate status protocol (OCSP) to query for certificate statuses. For more information, see “Managing OCSP server certificates”.
To access this part of the web UI, your administrator account’s:
Domain must be System
access profile must have Read or Read-Write permission to the Others category
For details, see “About administrator account permissions and domains”.
To view remote certificates, go to System > Certificate > Certificate Revocation List.
 
Table 42: Managing certificate revocation lists
GUI item
Description
Delete
(button)
Removes the selected list.
View
(button)
Select a certificate revocation list and click View to display details.
Download
(button)
Select a certificate revocation list and click Download to download a copy of the CRL file (.cer).
Import
(button)
Click to import a certificate revocation list.
Name
Displays the name of the certificate revocation list.
Subject
Displays the Distinguished Name (DN) located in the Subject field of the certificate revocation list.