A Certificate Revocation List is a list of certificates that have been
revoked by a CA for some reason (Private Key was stolen). The list is
digitally signed by the CA creating the CRL. These lists are usually
publicly accessible in some LDAP or other common location.

Certificates have a Before and After date. They can't be used before a
certain date and can't be used after a certain date. So if a certificate
is compromised and has not expired, the only way to know you should not
use the cert is to check the issuing CA's CRL for the cert. If it is
on the list

Hope that helps.
Perry

Anthony Azzopardi wrote:
What exactly is the revocation list and how is it used?
Anthony.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
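
The CRL check described in the reply above, as an added example that is not part of the original messages: a throwaway CA issues a certificate, revokes it, and `openssl verify` is run with and without the CRL. The names `Demo CA`, `leaf.example` and all file names are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
# crl_status CRLFILE: verify leaf.pem against ca.pem and the CA-signed CRL.
crl_status() {
    if out=$(openssl verify -CAfile ca.pem -crl_check -CRLfile "$1" leaf.pem 2>&1)
    then echo good
    else case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
    fi
}
# crl_demo: prints "<CRL check before revoke> <plain verify after> <CRL check after>".
crl_demo() (
    set -e; d=$(mktemp -d); cd "$d"       # scratch directory, removed at the end
    exec 2>/dev/null                      # hide openssl's progress chatter
    mkdir newcerts; : > index.txt; echo 01 > serial
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = req
x509_extensions = v3_ca
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = newcerts
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
    CA="openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key"
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -days 30 \
        -subj "/CN=Demo CA" -keyout ca.key -out ca.pem
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=leaf.example" -keyout leaf.key -out leaf.csr
    $CA -notext -in leaf.csr -out leaf.pem
    $CA -gencrl -out before.crl                      # signed CRL with no entries
    before=$(crl_status before.crl)
    $CA -revoke leaf.pem -crl_reason keyCompromise   # private key reported stolen
    $CA -gencrl -out after.crl                       # CA signs and publishes a new CRL
    # Still inside its validity dates, so a verify that ignores CRLs passes.
    if openssl verify -CAfile ca.pem leaf.pem >/dev/null; then plain=good; else plain=bad; fi
    echo "$before $plain $(crl_status after.crl)"
    cd /; rm -rf "$d"
)
crl_demo
```

The middle word of the output is the point: after revocation the certificate still verifies unless the verifier is told to consult the CRL.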