In PAN-OS, certificate revocation status
verification is an optional feature. It is a best practice to enable
it for certificate profiles, which define user and device authentication
for Authentication Portal, GlobalProtect, site-to-site IPSec VPN,
and web interface access to the firewall or Panorama, to verify
that the certificate hasn’t been revoked.