Main Page | See live article | Alphabetical index

Certificate Revocation List

Certificate Revocation List (CRL)

A list of X.509/Public key certificates that have been revoked, for instance because it was later (but before the certificate expires) found out the certificate authority(CA) was duped into giving a certificate with false credentials to an imposter. Or the private key that belongs to the public key contained in the certificate may have been compromised.

When a certificate for Microsoft Corporation was given to an imposter by an established CA, Microsoft finally saw the need to patch their cryptography subsystems so they would actually check certificates being used against a CRL. The failing is of course that this does not help users which are not online when relying on a certificate.