In PAN-OS, certificate revocation status
verification is an optional feature. It is a best practice to enable
it for certificate profiles, which define user and device authentication
for Captive Portal, GlobalProtect, site-to-site IPSec VPN, and web
interface access to the firewall or Panorama, to verify that the certificate
hasn’t been revoked.