What Is CRL (Certificate Revocation List)
What is CRL (Certificate Revocation List)?
✍: FYIcenter.com
A CRL (Certificate Revocation List) is a digitally signed file containing a list of revoked X.509 digital certificates.
After a CA (Certificate Authority) has issued a digital certificate for a public key of a given entity, it may decide to revoke this certificate for some reason.
This can be done by publishing a CRL (Certificate Revocation List) that includes the serial number of the revoked certificate.
When a client system receives a certificate from a server, the client system should first make sure the certificate has not been revoked by the CA.
This can be done by comparing the serial number of the certificate with the CRL published by the CA. If the serial number is in the CRL, then this certificate has been revoked, and it should be rejected.
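The check described above, written out as an added example (it is not code from the original page). It assumes the third-party Python "cryptography" package; the CA key, the CA name "Example Test CA" and the serial numbers are constructed sample data. Besides the serial number comparison, it also verifies the CRL's signature and its nextUpdate time, because a forged or outdated CRL says nothing reliable about a certificate.

```python
# Added example, not from the original page. Requires the "cryptography" package.
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc
NOW = dt.datetime(2019, 7, 19, 12, 0, tzinfo=UTC)  # constructed "current time"

def build_sample_crl(ca_key, revoked_serials, next_update):
    """Constructed test data: a DER-encoded CRL signed by a throwaway CA key."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    builder = (x509.CertificateRevocationListBuilder().issuer_name(name)
               .last_update(next_update - dt.timedelta(days=7))
               .next_update(next_update))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(next_update - dt.timedelta(days=8)).build())
    crl = builder.sign(private_key=ca_key, algorithm=hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.DER)

def check_revocation(crl_der, ca_public_key, serial, now=NOW):
    """Return 'revoked' or 'good', or the reason the CRL itself cannot be used."""
    crl = x509.load_der_x509_crl(crl_der)
    # 1. The CRL only means something if the CA really signed it.
    if not crl.is_signature_valid(ca_public_key):
        return "bad-signature"
    # 2. A CRL past its nextUpdate may be missing recent revocations.
    #    Newer library releases expose next_update_utc; older ones return naive UTC.
    expires = getattr(crl, "next_update_utc", None) or crl.next_update
    if expires is not None and expires.tzinfo is None:
        expires = expires.replace(tzinfo=UTC)
    if expires is not None and now > expires:
        return "stale-crl"
    # 3. The comparison itself: is the certificate's serial number on the list?
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if entry is not None else "good"

if __name__ == "__main__":
    ca_key = ec.generate_private_key(ec.SECP256R1())
    crl_der = build_sample_crl(ca_key, [0x1000, 0x1001], NOW + dt.timedelta(days=6))
    for serial in (0x1000, 0x2000):
        print(hex(serial), check_revocation(crl_der, ca_key.public_key(), serial))
```

A client should treat "bad-signature" and "stale-crl" as a failed check, not as "good".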
Here is a diagram showing how a client system receives a server certificate
and validates it against the CA's CRL (source: venafi.com).
Validating a certificate against the CA's CRL is not very efficient, because you need to download the CRL and compare the certificate's serial number each time you use a certificate.
A more efficient way is to use OCSP (Online Certificate Status Protocol); see other tutorials for more information on OCSP.
2019-07-19