Network Security
Certificate Revocation List (CRL)
Also known as: CRL, Revocation list
Definition
A signed, periodically published list of digital certificates that a CA has invalidated before their natural expiry, used by relying parties to detect revoked certs.
Examples
- A CA publishing its CRL at crl.example/ca.crl every 24 hours so clients can download a fresh copy of the revocation list before the previous one expires.
- A VPN gateway that loads its CA's CRL at startup and refuses revoked client certificates.
Related terms
OCSP (Online Certificate Status Protocol)
An HTTP-based protocol that lets a client query a CA's responder in real time to determine whether a specific X.509 certificate is valid, revoked or unknown.
X.509 Certificate
A standard structure for a digital certificate that binds a public key to an identity through a signature from a trusted certificate authority.
Certificate Authority (CA)
A trusted entity that issues and signs digital certificates, binding cryptographic public keys to verified identities such as domain names or organisations.
Public Key Infrastructure (PKI)
The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.
TLS (Transport Layer Security)
TLS (Transport Layer Security) — definition coming soon.
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.