X.509 certificate does NOT contain ANYTHING related to CRL. but X.509 contains a serial number which WILL be included in VeriSign issued CRL list in case the certificate was revoked.
http://onsitecrl.verisign.com/ in the site where you can check if you certificate was revoked. put serial number of revoked certificate and you will see it in the list. I believe in our case, VeriSign sends us CRL every 3hrs or smth. But, you also can use OSPF (smth like this) protocol to get real-time CRL list. Hope this helps! Leon -----Original Message----- From: Juan Carlos Albores Aguilar [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 21, 2001 1:31 PM To: [EMAIL PROTECTED] Subject: Re: questions about CRL check It seems like there's a problem in concepts, a certifcate cannot contain a CRL, but a CRL can contain one or more certificates. Considering that, a certificate cannot even be sure to be contained in a CRL, that can only known by checking the CRL. Regarding your second question, a certificate cannot get a CRL, that's a CA job, the CA defines how often the CRL will be available, so you need to do this manually. i hope it helps, bye. Juan Carlos Albores Aguilar ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 20, 2001 8:49 PM Subject: questions about CRL check > Hi, > > 1. Does a X.509 certificate be sure to contain a certification revocation list? > 2. If a X.509 certificate contains a CRL, is there an interface defined in > it on how to get the latest CRL from CA to replace the current CRL? Any RFC defined it? > > Thank you and have a nice day. > > Sincerely, > Wooce > > > > > > > > > > 加薪,升职密笈 > http://www.englishtown.com/master/home/courseoverview.asp?etag=TOCN&ctr=cn > > > > =============================================== > > 手机号码是电邮,从此交费不用愁,一号在手“随身邮” > > —— 163“随身邮”手机邮箱 —— > ◎ 手机号码就是电子邮箱地址,方便记忆 > ◎ 不用上网,透过手机短信,随时掌握邮件的接收情况 > ◎ 决不错过任何商业良机 > ◎ 方便的按月收费方式,最低每月只需5元 > > 详情请浏览 > http://vip.163.net/mobile/mobile.htm > > =============================================== > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
