Certificate Revocation List – CRL

A Certificate Revocation List (CRL) exists (a list of revoked certificates) in order to be certain that the certificate of a person signing on the other side of the screen is in order.

This list contains all the certificates which have been revoked before their original expiry date has been reached. Before every approval which a client receives regarding the veracity of a signature, the client servers check the CRL in order to verify that the certificate has not been revoked and categorically confirm the identity of the signatory. This list is similar to the list maintained by credit card companies. A card which has been stolen is added to the CRL of the same company and any attempt to use the card is rejected.