If you have a certificate and want to verify its validity:
certutil -f –urlfetch -verify certificate.cer
Example output:
In this example there is something wrong with the CRL in the domain and CRL Admin need to check whats going on.
With the split command you can download a CRL
certutil –split -URL <http/ldap>
Example:
certutil -split -URL ldap:///CN=,CN=,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domain,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
Her is a useful link for further troubleshooting