What is the Certificate Revocation List?
A Certificate Revocation List (CRL) is a list of certificates that the Certificate Authority has revoked before their expiration date. A CRL is generated and published periodically, often at defined intervals. A CRL can also be published immediately after a certificate is revoked. Revocation here means that the certificate has not expired and was active, but is no longer as valuable as it was.
According to security experts, a certificate loses its credibility once it is revoked, because it no longer provides the same level of protection against malicious parties and hackers. CRLs give web browsers and users an indication of whether a website is trustworthy.

Hence a revoked SSL or TLS certificate is equivalent to having no certificate at all. CRLs give an SSL endpoint a way to verify whether the certificate it received is signed and authorized by a trusted Certificate Authority.
Why are Certificates Revoked?
There can be many reasons for revoking a certificate; the most common ones are as follows:
- The private key has been lost or compromised, hence no longer trustworthy.
- The previous owner of the domain no longer owns that domain or has ceased its operation.
- The certificate was forged.
Through the Certificate Revocation List, the Certificate Authority not only provides information about the validity of certificates but also provides the previously issued date, the publishing date and the current status.
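The check a client performs against a CRL, as an added example that is not part of the original article: it uses the Python `cryptography` package to build a constructed test CA and CRL in memory, then looks up serial numbers and handles a CRL that is past its next-update date or signed by a different key. The CA name, serial numbers and function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed sample values: a throwaway CA name and two made-up serial numbers.
NOW = datetime.now(timezone.utc).replace(microsecond=0)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
REVOKED_SERIAL, GOOD_SERIAL = 0x1001, 0x1002

def build_crl(ca_key, this_update, next_update):
    """Sign a CRL that lists REVOKED_SERIAL as revoked for key compromise."""
    entry = (x509.RevokedCertificateBuilder()
             .serial_number(REVOKED_SERIAL).revocation_date(this_update - timedelta(hours=1))
             .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
             .build())
    return (x509.CertificateRevocationListBuilder()
            .issuer_name(CA_NAME)
            .last_update(this_update)
            .next_update(next_update)
            .add_revoked_certificate(entry)
            .sign(ca_key, hashes.SHA256()))

def check_serial(crl, ca_public_key, serial, now):
    """Return 'untrusted-crl', 'stale-crl', 'revoked:<reason>' or 'not-listed'."""
    if not crl.is_signature_valid(ca_public_key):
        return "untrusted-crl"  # not signed by the CA we trust: ignore its contents
    # next_update_utc exists in newer cryptography releases; older ones return naive UTC.
    expires = getattr(crl, "next_update_utc", None) or crl.next_update.replace(tzinfo=timezone.utc)
    if now > expires:
        return "stale-crl"  # past the publication interval: fetch a newer CRL
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    if entry is None:
        return "not-listed"
    try:
        reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason.value
    except x509.ExtensionNotFound:
        reason = "unspecified"
    return f"revoked:{reason}"

def demo():
    ca_key, other_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    fresh = build_crl(ca_key, NOW - timedelta(days=1), NOW + timedelta(days=6))
    stale = build_crl(ca_key, NOW - timedelta(days=14), NOW - timedelta(days=7))
    ca_pub = ca_key.public_key()
    return {"revoked": check_serial(fresh, ca_pub, REVOKED_SERIAL, NOW),
            "good": check_serial(fresh, ca_pub, GOOD_SERIAL, NOW),
            "stale": check_serial(stale, ca_pub, REVOKED_SERIAL, NOW),
            "wrong_ca": check_serial(fresh, other_key.public_key(), REVOKED_SERIAL, NOW)}
```

Calling `demo()` returns the outcome of each of the four cases; a "not-listed" result only means the serial is absent from this particular CRL.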