Certificate Revocation List (CRL)


Definition of CRL – Certificate Revocation List in Network Encyclopedia.

What is Certificate Revocation List (CRL)?

Certificate Revocation List, or CRL, is a list, maintained by a certificate authority (CA), of digital certificates that have been issued and then later revoked.

A certificate revocation list (CRL) is similar to lists of revoked credit card numbers that credit card companies used to give to vendors. The certificate authority makes the CRL publicly available so that users can determine the validity of any digital certificate presented to them.

Creating and maintaining a CRL is an essential ingredient in running a public key infrastructure (PKI) to support public key cryptography systems. Certificate Services (Windows Server) allows administrators to add elements to a certificate revocation list (CRL), and to publish signed CRLs on a regular basis.

In Windows Server 2003, Certificate Services 2.0 can be installed from Control Panel by clicking Add or Remove Programs and then clicking Add/Remove Windows Components to install or uninstall Certificate Services. On Windows Server 2016 you can install Active Directory Certificate Services (AD CS) as an Enterprise root certification authority (CA) and enroll server certificates to servers that are running Network Policy Server (NPS), Routing and Remote Access service (RRAS), or both NPS and RRAS.

CRL Replication

Certificate Revocation Lists (CRLs) should be replicated to all servers that subscribe to a specific root certification authority.
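
The following is an added example, not code from the original article or from Microsoft, showing how a Windows client can use published revocation data to decide whether a certificate is still valid, with three possible outcomes rather than two. It uses the .NET X509Chain class; the function name Test-CertificateRevocation and the 15-second timeout are assumptions chosen for illustration.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Classifies revocation status as Revoked, Unknown or NotRevoked.
function Test-CertificateRevocation {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [int] $TimeoutSeconds = 15   # assumed default, tune for your network
    )
    $chain = [X509Chain]::new()
    # Online: retrieve current revocation data instead of relying only on the cache.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    # ExcludeRoot: check every certificate in the chain except the self-signed root.
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    $chainValid = $chain.Build($Certificate)
    # Each ChainStatus element carries one X509ChainStatusFlags value.
    $seen = @($chain.ChainStatus | ForEach-Object { $_.Status })

    $revocation = if ($seen -contains [X509ChainStatusFlags]::Revoked) {
        'Revoked'        # listed as revoked by the issuing CA
    }
    elseif (($seen -contains [X509ChainStatusFlags]::RevocationStatusUnknown) -or
            ($seen -contains [X509ChainStatusFlags]::OfflineRevocation)) {
        'Unknown'        # no usable revocation data could be retrieved
    }
    else {
        'NotRevoked'
    }

    [pscustomobject]@{
        Subject      = $Certificate.Subject
        SerialNumber = $Certificate.SerialNumber
        Revocation   = $revocation
        ChainValid   = $chainValid   # false on any chain error, not only revocation
        ChainStatus  = ($seen -join ', ')
    }
}

# Usage: check every certificate in the local machine's personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertificateRevocation -Certificate $_ } |
    Format-Table -AutoSize
```

An Unknown result is what a client sees when the CRL has not been replicated to, or cannot be fetched from, the location the certificate points to, so treat it as a failure wherever policy requires a definitive answer. Windows may answer the online check from a CRL or, when the certificate advertises it, from OCSP.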
