Certificate Revocation List (CRL) commands provide the ability to display or erase X.509 CRLs.

CRLs are used during TLS connection establishment to verify whether a certificate presented by Communication Manager is valid or has been revoked. They are automatically downloaded on an as-needed basis by the gateway whenever CRL validation has been enabled using the certificate-options CLI command set crl-http-validation.