Hello there,
Certutil.exe is the command-line tool to verify certificates and CRLs. To get reliable verification results, you must use certutil.exe because the Certificate MMC Snap-In does not verify the CRL of certificates. A certificate might be wrongly shown in the MMC snap-in as valid but once you verify it with certutil.exe you will see that the certificate is actually invalid.
Remember, that certutil.exe operates in the security context of the current session context. This is important if you need to verify the validity of computer certificates. What if your current user session has the right proxy settings but the machine context does not? In Windows Server 2003 and Windows XP, the proxy configuration of the machine context can be configured with proxycfg.exe . In Windows Vista and Windows Server Codename Longhorn, use netsh winhttp show proxy to verify the proxy settings of the machine context.
Basic CRL checking with certutil https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/basic-crl-checking-with-certutil/ba-p/1128367
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–