CRL File Format and Fields


What is the format of a (Certificate Revocation List) CRL file? I just downloaded a CRL from the certificate's CA Website.



The format of a CRL (Certificate Revocation List) file is specified in the X.509 v2 standard, which can be summarized below.

A CRL file is consists of two main parts:

1. CA Information - Each CRL file should provide the following information about the CA who signed and published this CRL file.

  • File type: X.509
  • Type version: 2
  • Issuer: Identity of the CA who issued this CRL
  • Issue date: Timestamp of when this CRL was issued
  • Next update: Timestamp of when this CRL will be updated
  • Signature algorithm: Name of the digital signature algorithm
  • Authority key identity: Hash of the public key of the signature
  • CRL number: Serial number of this CRL

2. List of Revoked Certificates - Each CRL file should contain a list of revocatin entries. Each revocation entry should provide the following information:

  • Serial number: The serial number of the revoked certificate
  • Revocation date: Timestamp of when this certificate was revoked
  • Reason code: Code representing the revocation reason
  • Invalidity date: Timestamp of when this certificate was compromised

Here is a screenshot of the CERTivity showing the structure of a CRL file (source: CRL File Format and Fields


⇒ Certificate Revocation Reason Codes

⇐ Open and View CRL File

⇑ CRL (Certificate Revocation List)

⇑⇑ Revoked Certificates - CRL and OCSP

2019-07-19, 5513🔥, 0💬