What is a list of certificate appeals?
The
Certificate cancellation list (CRL) is part of the Standard of Security of the International Telecommunications Union (ITU) X.509. According to the X.509 standard, the CAC (CA) may use CRL to impose or explicitly cancel any digital security certificate that it has issued and does not turn out. CRL is then distributed and used by various computer programs to confirm the validity of the security certificates used to identify the source. Through PKI, each user can be identified by the public key of their security key, while the user's private key is the other half of the couple. The user then contacts Ca and requires a security certificate using his public key as an identification. After some extent, the user's real identity screening may then issue a certificate that is bound to the public key. With this method, CA acts as a trusted third party and guarantees the identity of the user to whom the certificate has been issued.
Digital security certificate is usually provided annual or two -year lifetime. After the certificate expires, the user must recover their existing certificate by re -verifying their identity or asking for a new certificate directly. The certificate expiry date is included in the certificate itself, so computer software knows when it will no longer honor the certificate. However, there are times when it is necessary to cancel the certificate before the expiry date. In these cases, CA must maintain a list of certificate cancellations that state all certificates that have not been used, but for some reason they cannot be trusted.
The certificate cancellation list contains a number of possible reasons to cancel the certificate. The most common is that the private key for the certificate owner is no longer safe, at this point the certificate remains on the list until the expiry date. In this case, the user has to generate a new pair of keys and depictsData on a brand new certificate.
Of course, there are other reasons why a certificate may appear in CRL. The certificate may be stated if it has been replaced by another or there is a certain change in the information contained in the certificate of its owner, or if the CA itself has been endangered, the Ca itself appears on what is called the ARL cancellation list (ARL). Another reason why the certificate may appear on CRL is that the certificate is suspended for some reason. In the case of a certificate listed as a possession, it may then be renewed in the next CRL distributed CA. Many frequent changes in digital security certificates means that a list of certificate cancellation usually has a life expectancy of about 24 hours, although sometimes less.