CRL

Sun, 01/27/2013 - 00:04
Jun 9th, 2009

Description

Certificate Revocation List (CRL)


A CRL is a Certificate Revocation List. When any certificate is issued, it has a validity period, which is defined by the Certification Authority; usually this is one or two years.

Any time a certificate is presented as part of an authentication dialog, the current time should be checked against the validity period. If the certificate is past that period, that is, expired, then the authentication should fail.

However, sometimes certificates should not be honored even during their validity period.



For example, if the private key associated with a certificate is lost or exposed, then any authentication using that certificate should be denied. Similarly, people change jobs, names, and companies. When their certificates are replaced, the old certificates have to be marked somehow as "no longer accepted." The purpose of the CRL is to list certificates that are still within their validity period but have been revoked.
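As an added example (not part of the original document), the Go program below builds in memory a constructed CA, a certificate issued by it and a CRL that revokes that certificate, then applies both checks described above: the validity period first, and then membership on a CRL that is trusted only after its signature and freshness have been verified. The function names CheckCertificate and BuildFixture, the subject names and the lifetimes are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckCertificate applies the two checks described above: now must lie inside the validity
// period, and the serial must not be on the CA's CRL, which is trusted only if signed and fresh.
func CheckCertificate(cert, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("outside validity period %s to %s", cert.NotBefore, cert.NotAfter)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL not signed by issuer: %w", err)
	}
	if now.After(crl.NextUpdate) { // a stale CRL may omit newer revocations
		return fmt.Errorf("CRL stale: NextUpdate was %s", crl.NextUpdate)
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked at %s", cert.SerialNumber, r.RevocationTime)
		}
	}
	return nil
}

// BuildFixture constructs in memory a CA, a leaf it issued and a CRL revoking that leaf (constructed sample material, errors unchecked).
func BuildFixture() (ca, leaf *x509.Certificate, crl *x509.RevocationList) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	leafKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	ca, _ = x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "alice"}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	leaf, _ = x509.ParseCertificate(leafDER)
	// The CRL lists the leaf's serial; NextUpdate bounds how long relying parties may cache it.
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}}
	crlDER, _ := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	crl, _ = x509.ParseRevocationList(crlDER)
	return ca, leaf, crl
}
```

Checking the CA certificate against the same CRL passes, since its serial is not listed; checking the leaf fails with a revocation error even though its validity period has not ended.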




RFCs:

  • Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - RFC 3280

