Trending September 2023 # Digital Certificate Revocation With Explanation # Suggested October 2023 # Top 15 Popular

You are reading the article Digital Certificate Revocation With Explanation updated in September 2023 on the website Phuhoabeautyspa.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested October 2023 Digital Certificate Revocation With Explanation

Introduction to Certificate Revocation

Start Your Free Software Development Course

Web development, programming languages, Software testing & others

Digital Certificate Revocation

There are two types such as Offline revocation status check and Online revocation status check, which is given in detail as follows;

1. Offline Certificate Revocation Status Check

CRL (Certificate Revocation List) is a primary means of checking the status of digital certificates offline. CRL contains a list of certificates that are published regularly by each CA, identifies all the certificates that have been revoked through the Life of CA. Note that CRL does not list the certificates whose validity is over; it only lists the certificates whose validity is still in range but are revoked for some reason.

First, compare the current date with the validity date of the certificate to ensure that the certificate has not expired.

Checks that user B certificate can be verified in terms of a signature by his own CA (who issued the certificate).

Consult the latest Certificate Revocation List issued by CA of user B to ensure that User B certificate is not listed there as a revoked certificate.

2. Online Certificate Revocation Status Check

Two protocol is used to check the certificate status – Online Certificate Status Protocol (OCSP) and Simple Certificate Validation Protocol (SCVP).

a. Online Certificate Status Protocol (OCSP)

CA provides an OCSP responder as a server that contains information about the latest certificate revocation.

When a client wants to check them if the particular certificate is valid or not, the client sends an OCSP request.

OCSP responder checks the X.500 directory (which contains all the information about the certificate revocation) to check the requested certificate is valid or not.

Based on the results, the OCSP responder sends a result back a digitally signed OCSP response for each of the certificates to the client. This response can be Good, Revoked, or Unknown. OCSP response also includes the date, time, and reason for the revocation if the certificate is revoked.

Based on the response, the client decides what action to be taken. If the response is Good, the certificate is considered valid.

b. Simple Certificate Validation Protocol (SCVP)

Simple Certificate Validation Protocol is an online Certificate status reporting protocol that is designed to deal with the drawbacks of online Certificate status protocol. It is quite similar to the OCSP. Let’s understand this concept while differentiating with OCSP.

In SCVP, the client sends the entire certificate to the sever number; the server performs other many checks also. While in OCSP, the client just sends the serial number of the certificate to the server.

In SCVP, the client sends a collection of certificates to their server for checking, while in OCSP, only the giver certificate is being checked.

In SCVP, the client can request for additional checks, type of revocation, etc. While in OCSP, the server checks whether the certificate is revoked or not.

In SCVP, the server sends additional information of the certificate to the client, while in OCSP, the server sends the only status of the certificate to the client.

SCVP provides more features than OCSP.

OCSP protocol is being enhanced, and its new version OCSP extension or OCSP-X is currently in the proposal stage. The goals of OCSP-X are similar to SCVP.