CRL – WindowsTechs.com

mTLS – revoking client certificates and maintaining CRL

Posted on March 4, 2025 by DayDayDay

is it possible to revoke certificates manually without presenting the client certificate? i.e. provide certificate id only?
technically in the certificates db maintained by the CA, each entry has its certificate as V (valid) or R (revoked)… Continue reading mTLS – revoking client certificates and maintaining CRL→

When to use a CRL distribution point in a root certificate?

Posted on January 27, 2025 by not2savvy

I understand that each certificate can have a CRL distribution point (extension 2.5.29.31) – or even multiple ones, but let’s not consider that for the moment. Let’s assume we have a root CA > intermediate CAs > and leaf certificates… Continue reading When to use a CRL distribution point in a root certificate?→

Certificate/key revocation

Posted on August 27, 2024 by somehybrid

Systems like Certificate Transparency and Key transparency store trees of keys/certificates. How would a user be able to remove a fraudulent/expired key or certificate? Do the trees stay the same and a separate list of revoked keys/certifi… Continue reading Certificate/key revocation→

Android Certificate Revocation Checking

Posted on January 15, 2024 by Elliot

I am hoping I can leverage everyone’s knowledge on this one as I am at a lose.
I have an Android 10 Device connecting to a containerized web application that is secured by a custom Certificate Authority. The OCSP addresses in the certific… Continue reading Android Certificate Revocation Checking→

is it necessary for cURL to check for CRL in Windows?

Posted on January 14, 2023 by Jameschad

I’m trying to set up cURL to get data from remote server at any sitaution. I use –tlsv1.3 –tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 –http2 to make it as secure as I can think of, using Windows 11. (tried http3 but cURL said it’s not f… Continue reading is it necessary for cURL to check for CRL in Windows?→

openssl verify: "unable to load certificates" error

Posted on September 17, 2022 by neubert

When I do openssl verify -CAfile signer.crt -untrusted signed.crl I get an unable to load certificates, which I don’t understand as both openssl x509 -in signer.crt -inform PEM -text -noout and openssl crl -in signed.crl -inform PEM -text … Continue reading openssl verify: "unable to load certificates" error→

Firewall is blocking OCSP (Online Certificate Status Protocol) check

Posted on October 25, 2021 by Ilya Chernomordik

I have a certificate issued by lets encrypt and one of the certificate in the path has this information:
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://x1.c.lencr.org/

On the client … Continue reading Firewall is blocking OCSP (Online Certificate Status Protocol) check→

Revoked certificate not getting into Microsoft CA CRL

Posted on October 19, 2021 by max

I have a CA and an Active Directory + ADFS instances set up on a Windows Server 2016 machine. I issued a client certificate for one of the users (for smart card logon) and then revoked it. However, I’m still able to log in via the revoked … Continue reading Revoked certificate not getting into Microsoft CA CRL→

OpenSSL and connection time

Posted on June 24, 2021 by Baranikumar Venkatesan

Does anyone know about the search mechanism used in OpenSSL w.r.t verifying a serial number against a CRL file?
I understand that in the case of Base-CRL approach, the file size will grow over time and also it depends upon the number of re… Continue reading OpenSSL and connection time→

CRL list is getting cleared when i revoke after an hour

Posted on May 18, 2021 by Teju

Through CLI I revoked 10 certificates continuously, when I checked CRL list serial number for all the Revoked certificates are present. after an hour I revoked 11th certificate after revoking when I checked CRL list old 10 revoked certific… Continue reading CRL list is getting cleared when i revoke after an hour→