
11. Certificate Revocation Lists

All certificates are issued for a restricted period of validity. However, it can happen that a certificate should no longer be used, or becomes invalid, before the "not after" time in the certificate is reached. In this case the issuing CA should revoke the certificate by putting it on the list of revoked certificates, then signing and publishing that list.

11.1 Generation of Certificate Revocation Lists

In XCA this is done through the context menu of the CA and the "revoke" entry in the context menu of the issued certificate. First, all invalid certificates must be marked as revoked; then a Certificate Revocation List should be created, which is stored in the database.
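
The order of the two steps matters to anyone checking certificates: a list created before the certificate was marked revoked still accepts it. The following is an added example, not part of the XCA documentation; it uses the OpenSSL command line instead of XCA, and the throwaway CA, the file names and the "demo-host" subject are all constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA in a temp directory; every name is made up.
# Prints the verification result for the same certificate against a CRL
# created before ("stale") and after ("fresh") it was marked as revoked.
crl_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Demo CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    q() { openssl "$@" >/dev/null 2>&1; }   # run openssl quietly, keep exit code
    q req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -days 30 || exit 1
    q req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=demo-host" -keyout ee.key -out ee.csr || exit 1
    q ca -batch -config ca.cnf -in ee.csr -out ee.pem || exit 1
    q ca -config ca.cnf -gencrl -out stale.crl || exit 1   # CRL created too early
    q ca -config ca.cnf -revoke ee.pem || exit 1            # step 1: mark as revoked
    q ca -config ca.cnf -gencrl -out fresh.crl || exit 1   # step 2: create the CRL
    for c in stale fresh; do
      if q verify -crl_check -CAfile ca.pem -CRLfile "$c.crl" ee.pem
      then echo "$c: accepted"; else echo "$c: rejected"; fi
    done
  )
  rc=$?; rm -rf "$d"; return $rc
}
crl_demo
```

The certificate is rejected only when the verifier is given the list generated after the revocation, which is why a new CRL has to be created and published each time a certificate is revoked.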

