To use CRLs for verifying the revocation status of certificates
that authenticate users and devices, configure a certificate profile
and assign it to the interfaces that are specific to the application:
Authentication Portal, GlobalProtect (remote user-to-site or large
scale), site-to-site IPSec VPN, or web interface access to Palo Alto
Networks firewalls or Panorama. For details, see
Configure
Revocation Status Verification of Certificates.