Next Previous Contents

8. Certificate Revokation Lists

All certificates are issued for a restricted timeperiod of validity. However it can happen that a certificate may not be used / gets invalid before the "not after" time in the certificate is reached. In this case the issuing CA should revoke this certificate by putting it on the list of revoked certificates, signing it and publishing it.

8.1 Generation of Certificate revokation lists

In XCA this can be done by the context-menu of the CA and the "revoke" entry in the context-menu of the issued certificate. First all invalid certificates are marked as revoked and then a Certificate Revokation List should be created and will be stored in the database.


Next Previous Contents