To ensure that your FortiWeb appliance validates only certificates that have not been revoked, you should periodically upload a current certificate revocation list (CRL), which may be provided by certificate authorities (CA).
1. Go to System > Certificates > CRL.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Admin Users category. For details, see Permissions.
2. To upload a CRL file, click Import.
A dialog appears.
3. Do one of the following to locate a CRL file:
4. Click OK.
The imported CRL file appears on System > Certificates > CRL with a name automatically assigned by the FortiWeb appliance, such as CRL_1.
5. To use the CRL for client PKI authentication, select the CRL in a certificate verification rule (see Configuring FortiWeb to validate client certificates).