Certificate revocation list
List of certificates that have been revoked
A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the certificate authority (CA) before their scheduled expiration date and should no longer be trusted. CRLs are a critical component of the public key infrastructure (PKI) used to manage the distribution and revocation of digital certificates.
Overview[edit | edit source]
Digital certificates are used to verify the identity of entities and to secure communications over networks such as the Internet. When a certificate is no longer trustworthy, it must be revoked to prevent misuse. Reasons for revocation include the compromise of the certificate's private key, the certificate holder's information changing, or the certificate being issued in error.
Structure[edit | edit source]
A CRL is typically issued in a format specified by the X.509 standard. It contains the following information:
- The issuer of the CRL
- The date the CRL was issued
- The date the next CRL will be issued
- A list of revoked certificates, including their serial numbers and the revocation dates
- The reason for each revocation
Types of CRLs[edit | edit source]
There are two main types of CRLs:
- **Full CRL**: Contains all revoked certificates issued by a CA.
- **Delta CRL**: Contains only the certificates revoked since the last full CRL was issued.
Distribution[edit | edit source]
CRLs are distributed by the CA that issued the certificates. They can be accessed via various protocols, including HTTP, LDAP, and FTP. The location of the CRL is typically specified in the certificate itself through the CRL Distribution Points (CDP) extension.
Validation[edit | edit source]
When a certificate is presented for validation, the relying party must check the CRL to ensure the certificate has not been revoked. This process can be time-consuming, especially if the CRL is large. To address this, the Online Certificate Status Protocol (OCSP) can be used as an alternative to CRLs, providing real-time certificate status information.
Related Concepts[edit | edit source]
- Public key infrastructure
- Digital certificate
- Certificate authority
- Online Certificate Status Protocol
- X.509
See also[edit | edit source]
Search WikiMD
Ad.Tired of being Overweight? Try W8MD's physician weight loss program.
Semaglutide (Ozempic / Wegovy and Tirzepatide (Mounjaro / Zepbound) available.
Advertise on WikiMD
WikiMD's Wellness Encyclopedia |
Let Food Be Thy Medicine Medicine Thy Food - Hippocrates |
Translate this page: - East Asian
中文,
日本,
한국어,
South Asian
हिन्दी,
தமிழ்,
తెలుగు,
Urdu,
ಕನ್ನಡ,
Southeast Asian
Indonesian,
Vietnamese,
Thai,
မြန်မာဘာသာ,
বাংলা
European
español,
Deutsch,
français,
Greek,
português do Brasil,
polski,
română,
русский,
Nederlands,
norsk,
svenska,
suomi,
Italian
Middle Eastern & African
عربى,
Turkish,
Persian,
Hebrew,
Afrikaans,
isiZulu,
Kiswahili,
Other
Bulgarian,
Hungarian,
Czech,
Swedish,
മലയാളം,
मराठी,
ਪੰਜਾਬੀ,
ગુજરાતી,
Portuguese,
Ukrainian
Medical Disclaimer: WikiMD is not a substitute for professional medical advice. The information on WikiMD is provided as an information resource only, may be incorrect, outdated or misleading, and is not to be used or relied on for any diagnostic or treatment purposes. Please consult your health care provider before making any healthcare decisions or for guidance about a specific medical condition. WikiMD expressly disclaims responsibility, and shall have no liability, for any damages, loss, injury, or liability whatsoever suffered as a result of your reliance on the information contained in this site. By visiting this site you agree to the foregoing terms and conditions, which may from time to time be changed or supplemented by WikiMD. If you do not agree to the foregoing terms and conditions, you should not enter or use this site. See full disclaimer.
Credits:Most images are courtesy of Wikimedia commons, and templates Wikipedia, licensed under CC BY SA or similar.
Contributors: Prab R. Tumpati, MD