Sunday, August 25, 2013

Revocation Checking

The process of revocation invalidates a certificate before its end validity date using one of the revocation codes mentioned in the previous section. A Microsoft CA publishes certificate status information in the form of CRLs. Third-party products use this information to provide revocation information in other formats such as OCSP, SCVP and XKMS. Prior to checking the status of a certificate, a client must first check the certificate to ensure that it is trusted and time valid. Every issued certificate has a defined period in which the issuing...

Saturday, August 24, 2013

EffectiveDate (thisupdate), NextUpdate and NextCRLPublish

(from http://blogs.technet.com/b/pki/archive/2008/06/05/how-effectivedate-thisupdate-nextupdate-and-nextcrlpublish-are-calculated.aspx) The validity time of a certificate revocation list (CRL) is critical for every public key infrastructure. By default, most applications verify the validity of certificates against a CRL. Two CRL types exist: base CRLs and delta CRLs. In cases where no delta CRL is used, certificates are treated as invalid if the base CRL is not available or has expired. If a delta CRL is in use, the delta and base CRL must be available...
