Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Specify certificate revocation actions.

CRL validation on SRX Series Firewall involves checking for revoked certificates from servers. You can enable or disable the CRL validation to meet your specific security requirements. You can allow or drop the sessions when a CRL information is not available.

To enhance security, the certificate revocation checking feature has been enabled by default on SRX Series Firewalls on any SSL proxy profile.



Disable CRL validation.


Specify an action if CRL information is not present.

  • Values:

    • allow—Allow session if CRL information is not present.

    • drop—Drop session if CRL information is not present.


Allow the sessions when a certificate is revoked and the revocation reason is on hold.

Required Privilege Level


Release Information

Statement introduced in Junos OS Release 15.1X49-D30. This statement is supported in the SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall instances.