Enhance the security of certificate-based logins to Salesforce by checking the revocation status of user certificates. This setting prevents logins with certificates that are revoked or can’t be validated. Before you enable revocation status checks, make sure that your uploaded user certificates contain Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) endpoints.
Check the Revocation Status of User Authentication Certificates (salesforce.com)