Chapter 3 Authentication for FortiOS 5.0 : Certificate-based authentication : Certificates overview : Certificate types on the FortiGate unit : Certificate revocation list
  
Certificate revocation list
Certificate revocation list (CRL) is a list of certificates that have been revoked and are no longer usable. This list includes certificates that have expired, been stolen, or otherwise compromised. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.