Certificate revocation list

From WikiMD's Wellness Encyclopedia


List of certificates that have been revoked



A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the certificate authority (CA) before their scheduled expiration date and should no longer be trusted. CRLs are a critical component of the public key infrastructure (PKI) used to manage the distribution and revocation of digital certificates.

Overview

Digital certificates are used to verify the identity of entities and to secure communications over networks such as the Internet. When a certificate is no longer trustworthy, it must be revoked to prevent misuse. Reasons for revocation include the compromise of the certificate's private key, the certificate holder's information changing, or the certificate being issued in error.

Structure

A CRL is typically issued in a format specified by the X.509 standard. It contains the following information:

  • The issuer of the CRL
  • The date the CRL was issued
  • The date the next CRL will be issued
  • A list of revoked certificates, including their serial numbers and the revocation dates
  • The reason for each revocation

Types of CRLs

There are two main types of CRLs:

  • **Full CRL**: Contains all revoked certificates issued by a CA.
  • **Delta CRL**: Contains only the certificates revoked since the last full CRL was issued.

Distribution

CRLs are distributed by the CA that issued the certificates. They can be accessed via various protocols, including HTTP, LDAP, and FTP. The location of the CRL is typically specified in the certificate itself through the CRL Distribution Points (CDP) extension.

Validation

When a certificate is presented for validation, the relying party must check the CRL to ensure the certificate has not been revoked. This process can be time-consuming, especially if the CRL is large. To address this, the Online Certificate Status Protocol (OCSP) can be used as an alternative to CRLs, providing real-time certificate status information.
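The relying-party check described above, as an added example that is not part of the original page. It uses the Python `cryptography` package; the CA name, key and serial numbers are constructed test data, and the status strings returned by the hypothetical `check_revocation` function are this example's own convention.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _utc(obj, attr):
    """Read a timestamp as aware UTC on both old and new library versions."""
    if hasattr(obj, attr + "_utc"):
        return getattr(obj, attr + "_utc")
    value = getattr(obj, attr)
    return value.replace(tzinfo=timezone.utc) if value else None

def build_sample_crl(ca_key, issued, revoked_serial):
    """Constructed test data: a CRL from a made-up CA with one revoked serial."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    entry = (x509.RevokedCertificateBuilder()
             .serial_number(revoked_serial)
             .revocation_date(issued - timedelta(days=1))
             .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
             .build())
    crl = (x509.CertificateRevocationListBuilder()
           .issuer_name(name)
           .last_update(issued)                      # date the CRL was issued
           .next_update(issued + timedelta(days=7))  # date the next CRL is due
           .add_revoked_certificate(entry)
           .sign(ca_key, hashes.SHA256()))
    return crl.public_bytes(serialization.Encoding.DER)

def check_revocation(crl_der, ca_public_key, serial, now):
    """Return (status, reason); any status other than 'good' means do not trust."""
    crl = x509.load_der_x509_crl(crl_der)
    if not crl.is_signature_valid(ca_public_key):
        return ("untrusted-crl", None)   # not signed by the expected CA
    next_update = _utc(crl, "next_update")
    if next_update is None or not (_utc(crl, "last_update") <= now <= next_update):
        return ("stale-crl", None)       # outside its window: fetch a fresh CRL
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    if entry is None:
        return ("good", None)
    try:
        ext = entry.extensions.get_extension_for_class(x509.CRLReason)
        reason = ext.value.reason.name
    except x509.ExtensionNotFound:
        reason = "unspecified"           # the reason code is optional per entry
    return ("revoked", reason)
```

A stale or wrongly signed CRL is reported separately from "good" so the caller can fail closed instead of treating a missing entry in an outdated list as proof of validity.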


Credits: Most images are courtesy of Wikimedia Commons, and templates Wikipedia, licensed under CC BY SA or similar.

Contributors: Prab R. Tumpati, MD