Revoked Certificates - Certificate Revocation Reason Codes

Certificate Revocation Reason Codes

Q

What are the reasons why a X.509 certificate got revoked?

✍: FYIcenter.com

A

When a certificate CA publishes a CRL (Certificate Revocation List) file with a list of revoked certificates, a revocation reason code will be provided for each revocation entry.

There are several reason codes commonly used in CRL files:

0 - Unspecified: Certificate was revoked for unspecified reason
1 - Key Compromise: Private key of the certificate was compromized
2 - CA Compromise: Private key of the certificate CA was compromized
3 - Affiliation Changed: Certificate owner changed affiliation
4 - Superseded: A new certificate was issued to replace this one
5 - Cessation of Operation: Certificate owner stopped operation
6 - Certificate Hold: Certificate was put on hold

As you can see, the most serious reason is the "2 - CA Compromise". In this case, all X.509 certificates issued by this CA must be revoked immediately. Using a certificate whose CA private key was compromized is extremely dangerous.

⇒ Examples of Revoked Certificates

⇐ CRL File Format and Fields

⇑ CRL (Certificate Revocation List)

⇑⇑ Revoked Certificates - CRL and OCSP

2019-07-19, 3190👍, 0💬

Open and View CRL File
How to open and view a CRL (Certificate Revocation List) file? I just downloaded a CRL from the certificate's CA Website. If you want to open and view the list of revoked certificates in CRL (Certificate Revocation List) file you can follow this tutorial. 1. Open the certificate by double-click the ... 2019-07-19, 2414👍, 0💬

CRL File Format and Fields
What is the format of a (Certificate Revocation List) CRL file? I just downloaded a CRL from the certificate's CA Website. The format of a CRL (Certificate Revocation List) file is specified in the X.509 v2 standard, which can be summarized below. A CRL file is consists of two main parts: 1. CA Info... 2019-07-19, 1859👍, 0💬

Examples of Revoked Certificates
Where to find examples of revoked certificates? Here are examples of revoked certificates compiled by FYIcenter.com team. DigiNotar Fraudulent Certificates "Hosted by GTI Group Corporation" Certificates Other Examples of Revoked Certificates ⇒ DigiNotar Fraudulent Certificates ⇐ Certificate Revoc... 2019-07-19, 1562👍, 0💬

OCSP (Online Certificate Status Protocol)
Where to find answers to frequently asked questions on OCSP (Online Certificate Status Protocol)? Here is a collection of tutorials on OCSP (Online Certificate Status Protocol) compiled by FYIcenter.com team. What Is OCSP (Online Certificate Status Protocol) Find OCSP Server URL of Certificate CA 8g... 2016-08-16, 1190👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.