This tool and associated timer (systemd) or cron (init.d) entry ensure that Certificate Revocation Lists (CRLs) are periodically retrieved from the web sites of the respective Certification Authorities.

The fetch-crl tool finds all *.crl_url files in the configured CRL directory, downloads the CRLs listed in those files and saves them in the same directory. The default configuration uses /etc/grid-security/certificates as the CRL directory.