Saturday, Nov 12, 2011

Turning on OCSP and CRL in Keychain.app

You can enable Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) checking to obtain the revocation status of X.509 certificates. This may hinder performance, so we recommend that individual users set these options only temporarily.

 

  1. Open the Keychain Access application, located in the Applications/Utilities folder.
  2. Select Keychain Access > Preferences and switch to the Certificates pane.
  3. Set Online Certificate Status Protocol (OCSP) to Best Attempt.
  4. Set Certificate Revocation List (CRL) to Best Attempt.
  5. Set Priority to OCSP.
  6. Close Preferences and quit the Keychain Access application.

This is very important: these settings may hinder performance for certain users, so we recommend that individual users set these options only temporarily, especially when there are rogue certificates in the wild.
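To confirm from Terminal that the three settings above took effect, the following added example (not part of the original post) reads them back and reports any that differ. It assumes the Certificates pane stores its values in the per-user preference domain `com.apple.security.revocation` under the keys `OCSPStyle`, `CRLStyle` and `RevocationFirst`; the post itself does not name them.

```shell
#!/bin/sh
# Added example: audit the revocation preferences set in the steps above.
# Assumption: the Certificates pane writes to this per-user preference
# domain, using the key names passed to check_pref below.
DOMAIN="com.apple.security.revocation"

# Print the stored value of a key, or "unset" if it has never been written.
read_pref() {
    defaults read "$DOMAIN" "$1" 2>/dev/null || echo "unset"
}

# Compare one key with the value the steps call for and print the verdict.
# Returns 0 on a match, 1 on drift.
check_pref() {
    key=$1
    want=$2
    have=$(read_pref "$key")
    if [ "$have" = "$want" ]; then
        echo "ok     $key=$have"
        return 0
    fi
    echo "drift  $key=$have (expected $want)"
    return 1
}

# Check all three settings; the return code is the number that differ.
audit_revocation() {
    drift=0
    check_pref OCSPStyle BestAttempt || drift=$((drift + 1))
    check_pref CRLStyle BestAttempt || drift=$((drift + 1))
    check_pref RevocationFirst OCSP || drift=$((drift + 1))
    return "$drift"
}

# Print (do not run) the commands that would bring the settings in line.
remediation_cmds() {
    echo "defaults write $DOMAIN OCSPStyle -string BestAttempt"
    echo "defaults write $DOMAIN CRLStyle -string BestAttempt"
    echo "defaults write $DOMAIN RevocationFirst -string OCSP"
}

# Run the audit only where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    audit_revocation || remediation_cmds
fi
```

The script only reads preferences; when it finds drift it prints the matching `defaults write` commands for review instead of applying them.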