Certificate Revocation List
From Just Solve the File Format Problem
(Difference between revisions)
m (→Software) |
|||
(2 intermediate revisions by one user not shown) | |||
Line 11: | Line 11: | ||
== Identification == | == Identification == | ||
− | A PEM-encoded CRL file is plain text, with [[base64]]-encoded payload data. It contains a line that reads "<code>-----BEGIN X509 CRL -----</code>". | + | A PEM-encoded CRL file is plain text, with [[base64]]-encoded payload data. It contains a line that reads "<code>-----BEGIN X509 CRL-----</code>". |
== Examples == | == Examples == | ||
Line 21: | Line 21: | ||
== Software == | == Software == | ||
− | * [ | + | * [[OpenSSL]] |
== Sample files == | == Sample files == | ||
− | Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension | + | Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension), so live CRL files are easy to find. |
* [http://gtssldv-crl.geotrust.com/crls/gtssldv.crl gtssldv.crl] | * [http://gtssldv-crl.geotrust.com/crls/gtssldv.crl gtssldv.crl] | ||
* [http://crl.thawte.com/ThawteEVCA2006.crl ThawteEVCA2006.crl] | * [http://crl.thawte.com/ThawteEVCA2006.crl ThawteEVCA2006.crl] | ||
* [http://EVSecure-crl.verisign.com/EVSecure2006.crl EVSecure2006.crl] | * [http://EVSecure-crl.verisign.com/EVSecure2006.crl EVSecure2006.crl] |
Latest revision as of 22:16, 2 February 2016
A Certificate Revocation List (CRL) is a cryptographically-signed list of certificates that a certificate authority has declared to be revoked.
A CRL file may be encoded in PEM format, DER format, or possibly some other format.
CRL files are becoming less widely-used, in favor of the OCSP protocol.
Contents |
[edit] Identification
A PEM-encoded CRL file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN X509 CRL-----
".
[edit] Examples
To view the contents of a PEM-encoded CRL file, using OpenSSL:
openssl crl -noout -text -in example.crl
To view the contents of a DER-encoded CRL file:
openssl crl -inform DER -noout -text -in example.crl
[edit] Software
[edit] Sample files
Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension), so live CRL files are easy to find.