Digital Certificate Revocation With Explanation
Updated September 2023 on Phuhoabeautyspa.com.
Introduction to Certificate Revocation
Digital Certificate Revocation
There are two types of revocation status check, offline and online, which are described in detail below.
1. Offline Certificate Revocation Status Check
The CRL (Certificate Revocation List) is the primary means of checking the status of digital certificates offline. A CRL is a list, published regularly by each CA, that identifies all the certificates that have been revoked through the life of the CA. Note that a CRL does not list certificates whose validity period is over; it only lists certificates that are still within their validity period but have been revoked for some reason.
First, compare the current date with the validity date of the certificate to ensure that the certificate has not expired.
Check that the signature on user B's certificate can be verified against his own CA (the one that issued the certificate).
Consult the latest Certificate Revocation List issued by user B's CA to ensure that user B's certificate is not listed there as revoked.
2. Online Certificate Revocation Status Check
Two protocols are used to check the certificate status online: the Online Certificate Status Protocol (OCSP) and the Simple Certificate Validation Protocol (SCVP).
a. Online Certificate Status Protocol (OCSP)
The CA provides an OCSP responder, a server that holds information about the latest certificate revocations.
When a client wants to check whether a particular certificate is valid, it sends an OCSP request to the responder.
The OCSP responder checks the X.500 directory (which contains all the information about certificate revocation) to determine whether the requested certificate is valid.
Based on the result, the OCSP responder sends back to the client a digitally signed OCSP response for each of the certificates. This response can be Good, Revoked, or Unknown. The OCSP response also includes the date, time, and reason for the revocation if the certificate is revoked.
Based on the response, the client decides what action to take. If the response is Good, the certificate is considered valid.
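The OCSP exchange described in the steps above, shown from both sides as an added example (not code from the original article). It uses the Python `cryptography` package; the demo CA, the two certificates, their serial numbers and the in-memory `revoked` dict (a stand-in for the responder's directory lookup) are all constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2023, 9, 1)  # constructed fixed clock (UTC) so the demo is deterministic
DER = serialization.Encoding.DER
def make_cert(cn, issuer_cn, public_key, signing_key, serial):
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(public_key).serial_number(serial).not_valid_before(NOW)
            .not_valid_after(NOW + dt.timedelta(days=365)).sign(signing_key, hashes.SHA256()))

# Constructed CA and two end-entity certificates (hypothetical names and serials).
ca_key = ec.generate_private_key(ec.SECP256R1())
ca_cert = make_cert("Demo CA", "Demo CA", ca_key.public_key(), ca_key, 1)
issued = {s: make_cert(f"user-{s}", "Demo CA",
                       ec.generate_private_key(ec.SECP256R1()).public_key(), ca_key, s)
          for s in (1001, 1002)}
revoked = {1002: (NOW, x509.ReasonFlags.key_compromise)}  # stand-in for the directory

def client_request(cert):
    """Client: the request names the certificate by issuer hashes and serial number."""
    req = ocsp.OCSPRequestBuilder().add_certificate(cert, ca_cert, hashes.SHA256())
    return req.build().public_bytes(DER)

def responder(request_der):
    """Responder: look up the requested serial and return a digitally signed status."""
    serial = ocsp.load_der_ocsp_request(request_der).serial_number
    when, reason = revoked.get(serial, (None, None))
    status = ocsp.OCSPCertStatus.REVOKED if when else ocsp.OCSPCertStatus.GOOD
    return (ocsp.OCSPResponseBuilder()
            .add_response(issued[serial], ca_cert, hashes.SHA256(), status,
                          NOW, NOW + dt.timedelta(days=1), when, reason)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert)
            .sign(ca_key, hashes.SHA256()).public_bytes(DER))

def client_decide(cert, response_der):
    """Client: verify the signature (raises InvalidSignature if bad), then act on the status."""
    resp = ocsp.load_der_ocsp_response(response_der)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        return "reject: no usable response"
    ca_cert.public_key().verify(resp.signature, resp.tbs_response_bytes,
                                ec.ECDSA(resp.signature_hash_algorithm))
    if resp.serial_number != cert.serial_number:
        return "reject: response is for a different certificate"
    status = resp.certificate_status
    if status == ocsp.OCSPCertStatus.REVOKED:
        return f"reject: revoked ({resp.revocation_reason.value})"
    return "accept" if status == ocsp.OCSPCertStatus.GOOD else "reject: status unknown"
```

Only a Good status on a response whose signature verifies and whose serial number matches the certificate being checked leads to acceptance; Revoked, Unknown and mismatched responses are all rejected.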
b. Simple Certificate Validation Protocol (SCVP)
The Simple Certificate Validation Protocol is an online certificate status reporting protocol designed to deal with the drawbacks of the Online Certificate Status Protocol. It is quite similar to OCSP. Let's understand this concept by comparing it with OCSP.
In SCVP, the client sends the entire certificate to the server, and the server also performs many other checks. In OCSP, the client sends just the serial number of the certificate to the server.
In SCVP, the client can send a collection of certificates to the server for checking, while in OCSP, only the given certificate is checked.
In SCVP, the client can request additional checks, the type of revocation, etc., while in OCSP, the server only checks whether the certificate is revoked or not.
In SCVP, the server sends additional information about the certificate to the client, while in OCSP, the server sends only the status of the certificate to the client.
SCVP provides more features than OCSP.
The OCSP protocol is being enhanced, and its new version, the OCSP extension or OCSP-X, is currently in the proposal stage. The goals of OCSP-X are similar to those of SCVP.