IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [certificate-revocation]

Certificate Revocation is a process for reporting that a certificate should no longer be trusted to the cert's issuing CA. The CA then places the cert on its CRL, and responds "REVOKED" to any OCSP requests for that cert. Normally only the owner of the cert (holder of the private key) can revoke a cert, though in special circumstances a CA can revoke a cert directly.

Certificate Revocation is a process for reporting that a certificate should no longer be trusted to the cert's issuing CA. The CA then places the cert on its certificate revocation list (CRL), and responds REVOKED to any OCSP requests for that cert.

Normally only the owner of the cert (holder of the private key) can revoke a cert, though in special circumstances a CA can revoke a cert directly.

186 questions
8
votes
2 answers

SSL certificate renewal and downtime due to revocation

We are in the process of renewing an SSL certificate, mainly for the forced use of SHA256. It is my understanding that a new Certificate Signing Request (CSR) has to be issued for the same host name, and get signed. This will give us the new…
Jean-Francois Messier
  • 81
  • 1
  • 2
7
votes
2 answers

Is there any malicious reason to block CRLs?

I've noticed that in order to 'illegally' crack certain applications, it is necessary to patch the host file to stop communication with the activation servers. I've found that with several applications there are entries that don't match the rest.…
NULLZ
  • 11,518
  • 19
  • 81
  • 111
3
votes
3 answers

Compromised Issuing CA

I'm configuring a PKI infrastructure with an offline root CA and several issuing CAs. Among other topics, I'm struggling to decide how the revokation of an Issuing CA certificate works. My Root CA will issue CRL once a year, and as far as I know, a…
Angel Muñoz
  • 33
  • 2
2
votes
3 answers

GlobalSign Domain Validation CA revocation issue in all browsers

I don't know where to dig in to solve this. Hope for some advice Today suddenly soundcloud.com stopped working, with error "The certificate has and invalide issuer". The issue persists across all browsers. and only on my Mac(10.12) machine. Here…
Alex Reds
  • 123
  • 5
0
votes
1 answer

How do I know a certificate is not faked?

Assuming a situation in which Alice wants to send Bob an encrypted message by using a PKE, as far as I know, digital certificates allow both Alice and Bob to be sure that the public key they have is the one which actually correspond to the other one…
Franzech Domâs
  • 1,025
  • 1
  • 9
  • 10