Certificate Revocation List (CRL)

A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. CRLs are a type of blacklist and are consulted by various endpoints, including Web browsers, to verify whether a certificate is still valid and trustworthy. Digital certificates are used to authenticate the parties to a connection and to set up encrypted communications, most often with the TLS/SSL protocol. The certificate, which is signed by the issuing Certificate Authority, also provides proof of the identity of the certificate owner.

When a Web browser makes a connection to a site using TLS, it validates the Web server's digital certificate: it checks the signature chain back to a trusted CA, the validity period and the host name, and, as part of the same process, checks that the certificate is not listed in a Certificate Revocation List. These checks are crucial steps in any certificate-based transaction because they allow a user to verify the identity of the owner of the site and discover whether the Certificate Authority still considers the digital certificate trustworthy.

The X.509 standard defines the format and semantics of a CRL for a public key infrastructure. The list itself carries the issuer's name, the time it was issued (thisUpdate) and the time by which the next list will be published (nextUpdate). Each entry in a Certificate Revocation List includes the serial number of the revoked certificate and the revocation date; the serial number is sufficient because serial numbers are unique per issuer. The CRL file is signed by the Certificate Authority to prevent tampering, and a relying party must verify that signature before acting on the list. Optional per-entry extensions include a reason code for the revocation and an invalidity date, the time from which the certificate should be treated as compromised, which may be earlier than the date it was actually revoked. CRLs contain certificates that have either been irreversibly revoked (revoked) or that have been marked as temporarily invalid (the certificateHold reason code); a held certificate can later be released from the list, a revoked one cannot.

Digital certificates are revoked for many reasons. If a CA discovers that it has improperly issued a certificate, for example, it may revoke the original certificate and reissue a new one. Or if a certificate is discovered to have been obtained fraudulently, the CA will revoke it and add it to the CRL. The most common reason for revocation is that the certificate's private key has been compromised. Other reasons for revoking a certificate include the compromise of the issuing CA, the owner of the certificate no longer owning the domain for which it was issued, the owner of the certificate ceasing operations entirely or the original certificate being replaced with a different certificate from a different issuer.

The problem with Certificate Revocation Lists, as with all blacklists, is that they are difficult to maintain and are an inefficient method of distributing critical information in real time. When a browser fetches a CRL (from the distribution point URL named in the certificate), it receives the complete list of every revoked certificate that the CA manages, not just the entry it needs. The browser must then parse the list to determine if the certificate of the requested site has been revoked. The CA publishes a new CRL on a schedule, possibly as often as hourly, and clients cache the list until its nextUpdate time to avoid the overhead of repeatedly downloading it; a certificate revoked after the cached copy was issued is therefore still accepted until the next download. Also, if the CRL is unavailable, a client that fails closed will block every operation that depends on accepting the certificate, which amounts to a denial of service, while a client that fails open (the behaviour of most browsers) silently skips the check and accepts the certificate.

[Figure: revoked certificate warning. A browser should show a message when a Web page uses a revoked certificate.]

Other security vulnerabilities can occur because different browsers handle CRLs differently. Unless the certificate is an Extended Validation (EV) certificate, some browsers check revocation only for the server's own certificate and do not check every certificate in the chain that is required for validation. Browsers also differ in the CRL encodings they accept: for example, Mozilla Firefox and Google Chrome on Linux support CRLs delivered in the standard binary (DER) format but cannot process RSA Security's CRLs because they are in a text-based format. In spite of that fact, they still allow the connection to go ahead without a warning, so a CRL the browser cannot parse silently disables revocation checking.

The Online Certificate Status Protocol (OCSP) is an alternative to using CRLs. Instead of downloading the latest CRL and searching it for the certificate of the site in question, the browser asks the CA's OCSP responder about that one certificate, identified by its serial number together with hashes of the issuer's name and public key. The responder returns a signed, time-limited answer of "good," "revoked," or "unknown" for that certificate. This approach transfers far less data, and the response covers only the certificate being checked, so there is no list to parse.
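The CRL structure described above, the relying-party checks (signature, freshness, serial lookup, hold versus revoked) and the OCSP request/response exchange, as one added example that is not part of the original article and not any CA's or browser's code. It uses the Python `cryptography` library to stand up a throw-away CA, so the CA name, the host names and the serial numbers are all made up, and the OCSP "responder" here is a function in the same process that answers from the CA's own CRL rather than a network service.

```python
"""Added example (not from the article): a throw-away CA, a signed CRL, the
client-side CRL checks, and an OCSP request/response round trip.
All names and serial numbers below are made up."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)  # naive UTC
HOUR = datetime.timedelta(hours=1)


def make_ca():
    """Self-signed test CA (hypothetical name); returns (private_key, certificate)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - HOUR).not_valid_after(NOW + 365 * 24 * HOUR)
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_leaf(ca_key, ca_cert, serial, cn):
    """End-entity certificate for a hypothetical host name, signed by the test CA."""
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))
            .issuer_name(ca_cert.subject).serial_number(serial)
            .public_key(ec.generate_private_key(ec.SECP256R1()).public_key())
            .not_valid_before(NOW - HOUR).not_valid_after(NOW + 90 * 24 * HOUR)
            .sign(ca_key, hashes.SHA256()))


def build_crl(ca_key, ca_cert, entries, valid_for=HOUR):
    """CA side. entries = [(serial, x509.ReasonFlags)]. Each entry carries the
    revocation date plus a reasonCode extension; the whole list is signed."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(NOW + valid_for))  # thisUpdate / nextUpdate
    for serial, reason in entries:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW)
            .add_extension(x509.CRLReason(reason), critical=False).build())
    return builder.sign(ca_key, hashes.SHA256())


def crl_status(cert, crl, ca_cert, now=NOW):
    """Relying-party side: what to do with a downloaded (or cached) CRL."""
    # 1. Only trust a list that names the certificate's issuer and carries its signature.
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_cert.public_key()):
        return "untrusted"
    # 2. A copy past nextUpdate may predate the revocation we care about: refetch first.
    next_update = crl.next_update_utc if hasattr(crl, "next_update_utc") else crl.next_update
    if next_update.replace(tzinfo=None) < now:
        return "stale"
    # 3. Look the serial number up; absence means the CA has not revoked it.
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    if entry is None:
        return "good"
    try:
        reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
    except x509.ExtensionNotFound:
        reason = x509.ReasonFlags.unspecified
    return "hold" if reason is x509.ReasonFlags.certificate_hold else "revoked"


def ocsp_exchange(cert, ca_cert, ca_key, crl):
    """Both sides of an OCSP exchange; the responder answers from the CA's CRL."""
    # Client: the request names the certificate by serial number plus hashes of the
    # issuer name and key (SHA-1 is the conventional CertID hash; it is only an identifier).
    request = ocsp.OCSPRequestBuilder().add_certificate(cert, ca_cert, hashes.SHA1()).build()
    # Responder: look the serial up and sign a time-bounded answer.
    entry = crl.get_revoked_certificate_by_serial_number(request.serial_number)
    status = ocsp.OCSPCertStatus.REVOKED if entry else ocsp.OCSPCertStatus.GOOD
    response = (ocsp.OCSPResponseBuilder()
                .add_response(cert=cert, issuer=ca_cert, algorithm=hashes.SHA1(),
                              cert_status=status, this_update=NOW, next_update=NOW + HOUR,
                              revocation_time=NOW if entry else None, revocation_reason=None)
                .responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert)
                .sign(ca_key, hashes.SHA256()))
    # Client: parse the DER response, verify the CA's signature, then read the status.
    parsed = ocsp.load_der_ocsp_response(response.public_bytes(serialization.Encoding.DER))
    ca_cert.public_key().verify(parsed.signature, parsed.tbs_response_bytes,
                                ec.ECDSA(parsed.signature_hash_algorithm))
    return parsed.certificate_status.name.lower()  # "good" / "revoked" / "unknown"


def demo():
    """Run every case and return the outcomes (host names are hypothetical)."""
    ca_key, ca_cert = make_ca()
    good = issue_leaf(ca_key, ca_cert, 1001, "ok.example.test")
    leaked = issue_leaf(ca_key, ca_cert, 1002, "leaked.example.test")
    held = issue_leaf(ca_key, ca_cert, 1003, "held.example.test")
    crl = build_crl(ca_key, ca_cert, [(1002, x509.ReasonFlags.key_compromise),
                                      (1003, x509.ReasonFlags.certificate_hold)])
    imposter_ca = make_ca()[1]  # same name, different key: the signature check must fail
    return {
        "good": crl_status(good, crl, ca_cert),
        "leaked": crl_status(leaked, crl, ca_cert),
        "held": crl_status(held, crl, ca_cert),
        "stale": crl_status(good, crl, ca_cert, now=NOW + 2 * HOUR),
        "forged": crl_status(good, crl, imposter_ca),
        "ocsp_leaked": ocsp_exchange(leaked, ca_cert, ca_key, crl),
        "ocsp_good": ocsp_exchange(good, ca_cert, ca_key, crl),
    }


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing when running it: `crl_status` refuses to answer from a list whose signature does not verify or whose nextUpdate has passed, rather than reporting "good" by default, which is the fail-closed behaviour the text contrasts with browsers that fail open; and the OCSP client verifies the responder's signature over `tbs_response_bytes` before it trusts the status, since an unsigned "good" would be trivial to forge on the network.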

Which method a browser uses to check certificate revocation status varies between browsers and, in some instances, depends on which operating system (OS) the browser is running on.

The Certificate Authority Security Council, whose members include the leading CAs, wants to promote an understanding of the importance of certificate-revocation checking and the adoption and deployment of OCSP stapling as an alternative to the use of CRLs. OCSP stapling eliminates the need for a browser to request the OCSP response directly from the CA. Instead, the website periodically obtains the OCSP response for its own certificate from the CA and, when it sends its certificate to the browser, attaches (staples) that response. The website cannot forge the answer because the stapled response is still signed by the CA and valid only for a limited time. In addition to improving speed, this approach also protects the end user's privacy because the CA only sees requests from websites, not from the website's end users. The major Web servers and browsers all support OCSP stapling, and its use is growing.

This was last updated in May 2016
