What is the format of a (Certificate Revocation List) CRL file? I just downloaded a CRL from the certificate's CA Website.

The format of a CRL (Certificate Revocation List) file is specified in the X.509 v2 standard, which can be summarized below.

A CRL file is consists of two main parts:

1. CA Information - Each CRL file should provide the following information about the CA who signed and published this CRL file.

• File type: X.509
• Type version: 2
• Issuer: Identity of the CA who issued this CRL
• Issue date: Timestamp of when this CRL was issued
• Next update: Timestamp of when this CRL will be updated
• Signature algorithm: Name of the digital signature algorithm
• Authority key identity: Hash of the public key of the signature
• CRL number: Serial number of this CRL

2. List of Revoked Certificates - Each CRL file should contain a list of revocatin entries. Each revocation entry should provide the following information:

• Serial number: The serial number of the revoked certificate
• Revocation date: Timestamp of when this certificate was revoked
• Reason code: Code representing the revocation reason
• Invalidity date: Timestamp of when this certificate was compromised

Here is a screenshot of the CERTivity showing the structure of a CRL file (source: edulib.com).

 

⇒ Certificate Revocation Reason Codes

⇐ Open and View CRL File

⇑ CRL (Certificate Revocation List)

⇑⇑ Revoked Certificates - CRL and OCSP