24 Apr 2014
Comodo Support Home
What is a CRL?
What is a CRL?
A Certificate Revocation List (CRL) is a list of certificate serial numbers which have been revoked, are no longer valid, and should not be relied upon by any system user.
A CRL is generated periodically, for Comodo that is every 24 hours. The CRL is always issued by the CA which issues the corresponding
. All CRLs have a (often short) lifetime in which they are valid and in which they may be consulted by a PKI-enabled application to verify a counterpart's certificate prior its use. To prevent spoofing or denial-of-service attacks, CRLs are usually signed by the issuing CA and therefore carry a digital signature.
Certificate expiration dates are not a substitute for a CRL as the problem may be discovered whilst the certificate has not yet expired. CRLs or other certificate validation techniques are a necessary part of any properly operated PKI as mistakes in certificate vetting and key management are expected to occur in real world operations. In a noteworthy example, a certificate for Microsoft was mistakenly issued to an unknown individual who had successfully posed as Microsoft by the CA contracted to maintain the ActiveX 'publisher certificate' system (VeriSign). Microsoft saw the need to patch their cryptography subsystem so it would check the status of certificates before trusting them. As a short term fix, a patch was issued for the relevant Microsoft software (most importantly Windows) specifically listing the two certificates in question as 'revoked'.
10 Nov 2006 01:54 PM
This answer was helpful
This answer was not helpful
Add a Comment
If you would like to comment on this entry, please use the form below. Comments may be queued for moderation, and will not be published until approved.
Image verification required
Please enter the characters that appear to the right in the space provided. This is just to verify that you are a human.
-- Entire Support Site --
Add to Favorites
Submit a Ticket
by Kayako SupportSuite v3.70.02