ESYAE-imza Kütüphaneleri

Once a certificate is published it is impossible to make it totally inaccessible due to its revocation. For this reasons CAs publish Certificate Revocation Lists(CRL) in order to announce everyone that the certificates in the CRL are revoked.

Certificate Revocation Lists has the following properties:

• They are digital.
• They consist of the serial numbers of untrusted certificates that are not expired.
• They include the issue and expiry date.
• They include issuer's name and signature.
• Ther ayre published on the electronic media like internet with small periods

A sample CRL can be as follows:

In PKI systemsi it is mandatory for every agent performing a certificate-based operation to check CRL while validating certificates. If the serial number of a certificate included in the CRL, it must be considered as invalid and the operation must be cancelled.

CRLs are indeed required in PKI for two main reasons: * The information of the certificate's owner may have changed. * The key pair of the certificate's owner may have changed.