cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5995
Views
0
Helpful
0
Comments
ITA Terms
Community Member

 

Description

Certificate Revocation List (CRL)

 

A CRL is a Certificate Revocation List.  When any certificate is issued, it has a validity period which is defined by the Certification Authority.  Usually this is one or two years.Any time a certificate is presented as part of an authentication dialog, the current time should be checked against the validity period.  If the certificate is past that period, or expired, then the authentication should fail.However, sometimes certificates should not be honored even during their validity period.

 

 

For example, if the private key associated with a certificate is lost or exposed,then any authentication using that certificate should be denied.  Similarly, people will change jobs, names, and companies.  When their certificates are replaced, the old certificates have to be marked somehow as “no longer accepted.”  The purpose of the CRL is to list certificates which are valid, but are revoked.

 

image 1.png

 

RFCs:

  • Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - RFC 3280

 

Also See:

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: