Certificate Revocation List

From Just Solve the File Format Problem
Revision as of 22:16, 2 February 2016 by Jsummers (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
File Format
Name Certificate Revocation List
Ontology
Extension(s) .crl, .pem

A Certificate Revocation List (CRL) is a cryptographically-signed list of certificates that a certificate authority has declared to be revoked.

A CRL file may be encoded in PEM format, DER format, or possibly some other format.

CRL files are becoming less widely-used, in favor of the OCSP protocol.

Contents

Identification

A PEM-encoded CRL file is plain text, with base64-encoded payload data. It contains a line that reads "-----BEGIN X509 CRL-----".

Examples

To view the contents of a PEM-encoded CRL file, using OpenSSL:

 openssl crl -noout -text -in example.crl

To view the contents of a DER-encoded CRL file:

 openssl crl -inform DER -noout -text -in example.crl

Software

Sample files

Most SSL certificates contain a link to a CRL file (in the "CRL Distribution Points" extension), so live CRL files are easy to find.

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox