This is outlined in NetSight's Help:
Certificate Revocation List URLs
Use Add URL, Edit URL, and Remove URLs to create a list of CRL distribution points which will be used to check for revoked client certificates. When an end-user's access to the network has been revoked, the end-user's client certificate is revoked. This will cause the CA to add the revoked certificate's serial number to its CRL. The NAC appliance will download a new copy of any configured CRL every hour from the CRLdistribution point identified by the URL. If the CRL has been updated, the RADIUS server will be restarted to load the new data. The RADIUS server will then reject any client certificate found in the CRL.
When CRLs are used, there must be a CRL configured for every trusted certificate authority. Only CRLs that are distributed through an http:, https:, or file: URL are supported, and only CRLs that correspond to a listed trusted certificate authority can be used. Delta CRLs are not allowed.