Certificate Revocation: CRL & OCSP
Understand how compromised certificates are revoked in practice.
Welcome
Certificates expire, but sometimes a private key is compromised before expiry. Revocation mechanisms let CAs announce that a certificate is no longer trustworthy.
Why Revocation Matters
If an attacker steals your TLS private key, they can impersonate your server until the certificate expires. Revocation lets the CA invalidate the certificate immediately.
All lessons in this course
- What Is a Certificate? X.509 Structure
- Certificate Authorities & Trust Chains
- Certificate Revocation: CRL & OCSP
- Creating Self-Signed Certs with OpenSSL