11.2.4. CRLs

CRL stands for Certificate Revocation List: a list containing the serial numbers and distinguished names of certificates that can no longer be trusted and have therefore been revoked. If a certificate loses its validity for any reason (for example, it is compromised because its private key is stolen), the issuing CA revokes it. The revocation is published in a CRL on the website of the CA. Obsolete or invalid certificates should be revoked even if they are used only internally.

CRLs can usually be obtained through HTTP; certificate authorities update and publish them on their websites on a regular basis.
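
The following added example (not part of the original documentation) uses the openssl command-line tool to show the effect of a CRL on certificate validation: the same certificate verifies against the CRL issued before its revocation and is rejected against the CRL issued after it. The CA name, host name and file names are made up, and the CRL is generated locally instead of being downloaded over HTTP so that the example runs offline.

```shell
# Constructed demo: a throwaway CA, one certificate, and a CRL checked
# before and after the certificate is revoked. All names are made up.
crl_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Demo CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial
  ca() { openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key "$@" 2>/dev/null; }
  # -crl_check makes verification fail if the serial number is listed in the CRL
  check() { openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem leaf.pem 2>&1; }
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -days 30 \
    -config ca.cnf -extensions v3_ca 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=leaf.example" -config ca.cnf 2>/dev/null || exit 1
  ca -notext -in leaf.csr -out leaf.pem || exit 1
  ca -gencrl -out crl.pem || exit 1          # CRL with no entries yet
  before=$(check)
  ca -revoke leaf.pem -crl_reason keyCompromise || exit 1
  ca -gencrl -out crl.pem || exit 1          # the CA publishes an updated CRL
  after=$(check)
  case $before in *": OK"*) b=valid ;; *) b=rejected ;; esac
  case $after in *"certificate revoked"*) a=revoked ;; *) a=not-revoked ;; esac
  echo "before=$b after=$a"
)
crl_demo
```

Revoking the certificate changes nothing for a verifier until the CA issues a new CRL and the verifier loads it, which is why relying parties have to fetch CRLs regularly.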