Certificate Revocation List (CRL)

Definition of CRL – Certificate Revocation List in Network Encyclopedia.

What is Certificate Revocation List (CRL)?

A Certificate Revocation List (CRL) is a list, maintained by a certificate authority (CA), of digital certificates that have been issued and then later revoked.


A certificate revocation list (CRL) is similar to lists of revoked credit card numbers that credit card companies used to give to vendors. The certificate authority makes the CRL publicly available so that users can determine the validity of any digital certificate presented to them.

Creating and maintaining a CRL is an essential ingredient in running a public key infrastructure (PKI) to support public key cryptography systems. Certificate Services (Windows Server) allows administrators to add elements to a certificate revocation list (CRL), and to publish signed CRLs on a regular basis.
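The two sides described above, the CA publishing a signed CRL and a relying party consulting it, shown as an added example in Ruby using its bundled `openssl` library; it is not code from the original article or from Certificate Services. The CA name, the serial number 4242, and the helper names `demo_ca`, `publish_crl` and `revoked?` are constructed for illustration.

```ruby
require "openssl"

# Constructed demo fixture: a throwaway CA key and self-signed CA certificate.
def demo_ca(now)
  key = OpenSSL::PKey::RSA.new(2048)
  ca = OpenSSL::X509::Certificate.new
  ca.version = 2
  ca.serial = 1
  ca.subject = ca.issuer = OpenSSL::X509::Name.parse("/CN=Demo Root CA")
  ca.public_key = key.public_key
  ca.not_before = now - 3600
  ca.not_after = now + 86_400
  ca.sign(key, OpenSSL::Digest.new("SHA256"))
  [ca, key]
end

# CA side: publish a signed CRL listing the revoked serial numbers.
def publish_crl(ca, key, serials, now, lifetime: 3600)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca.subject
  crl.last_update = now
  crl.next_update = now + lifetime
  serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = now
    crl.add_revoked(entry)
  end
  crl.sign(key, OpenSSL::Digest.new("SHA256"))
  crl.to_der
end

# Relying-party side: accept the CRL only if the CA signed it and it is still
# current, then report whether the certificate's serial number is listed.
def revoked?(crl_der, ca, serial, now)
  crl = OpenSSL::X509::CRL.new(crl_der)
  raise ArgumentError, "CRL issuer does not match the CA" unless crl.issuer.cmp(ca.subject).zero?
  raise ArgumentError, "CRL signature does not verify" unless crl.verify(ca.public_key)
  raise ArgumentError, "CRL is not current" if now < crl.last_update || now > crl.next_update
  crl.revoked.any? { |entry| entry.serial.to_i == serial }
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  ca, key = demo_ca(now)
  crl = publish_crl(ca, key, [4242], now)
  puts "4242 revoked? #{revoked?(crl, ca, 4242, now)}"
end
```

A CRL that is stale or fails signature verification gives no revocation answer at all, which is why `revoked?` raises in those cases instead of returning `false`.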

In Windows Server 2003, Certificate Services 2.0 can be installed or uninstalled from Control Panel by clicking Add or Remove Programs and then clicking Add/Remove Windows Components. On Windows Server 2016, you can install Active Directory Certificate Services (AD CS) as an Enterprise root certification authority (CA) and enroll server certificates to servers that are running Network Policy Server (NPS), Routing and Remote Access service (RRAS), or both NPS and RRAS.

CRL Replication

Certificate Revocation Lists (CRLs) should be replicated to all servers that subscribe to a specific root certification authority.

Figure: Certificate Revocation List (CRL) process
