Enabling certificate rules results in software restriction policies checking a certificate revocation list (CRL) to make sure that the software's certificate and signature are valid. When you start signed programs, this setting can decrease system performance. You can disable CRLs by editing the software restriction policies in the desired GPO.
Mar 04, 2011 Certificate Validation and Revocation The Certificate Validation module is used by the Security Token Service to validate X.509 tokens and to verify whether or not the certificates have been revoked. It supports the following options: A Certificate Revocation List (CRL) is a list of certificates (identified by serial numbers) that have been revoked. X509ClientCertificateAuthentication.RevocationMode When using certificates, the system validates that the client certificate is not revoked, by checking that the client certificate is not in the revoked certificate list. This check can be performed either by checking online or by checking against a cached revocation list. Revocation checking can be turned off by setting this property to NoCheck. Internet Explorer while browsing: "Revocation information Jul 24, 2019
Sep 03, 2019 · Certificate Revocation Lists (CRL) The most basic form of revocation check available is the CRL. A basic text file created by the Certificate Authority which must be manually uploaded (regularly) to the device which is to perform the revocation checks.
May 22, 2019 What is Revocation? - Definition from Techopedia
The only way to achieve that “instant global revocation” level of perfection, would be for the security of every TLS connection being made everywhere on the Internet to be individually verified, in real time, by the issuing certificate authority.
The revocation of the certificate affects only AIR apps developed by Adobe and signed using the impacted Adobe code signing certificate. Adobe is in the process of issuing updates for those apps signed with a new Adobe code signing certificate. Client-Driven OCSP and OCSP Stapling Use the Online Certificate Status Protocol (OCSP), available since JDK 8u261, to determine the X.509 certificate revocation status during the Transport Layer Security (TLS) handshake. X.509 certificates used in TLS can be revoked by the issuing Certificate Authority (CA) if there is reason to believe that a certificate is compromised. Certificate authority - Wikipedia