Certificate Revocation

Objective:

Ensure your system correctly performs the certificate validity check.

Guidelines: 

  • The deployed system should be able to check certificate validity, i.e. to check that the certificate has not been revoked. Two protocols are used:
    • OCSP (Online Certificate Status Protocol) and/or
    • CRL (Certificate Revocation List).
  • Ensure that revoked certificates are rejected by the system, and log the event for auditing purposes.
    The user should receive a clear message when a revoked certificate is used.
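
One way to implement the CRL branch of these guidelines with Go's standard crypto/x509 package, as an added example that is not part of the original page: it verifies the CRL's signature and validity window, rejects a listed serial, writes an audit log line, and returns an error whose text can be shown to the user. CheckCRL, DemoCRL, the two error values, the test CA and serial 1002 are constructed for illustration, and treating an unverifiable or stale CRL as a rejection is a policy choice assumed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"log"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("this certificate has been revoked by its issuer")
var ErrNoStatus = errors.New("the revocation status of this certificate could not be verified")

// CheckCRL fails closed: a CRL not signed by issuer, or outside its validity window, means rejection.
func CheckCRL(serial *big.Int, issuer *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	if crl.CheckSignatureFrom(issuer) != nil || now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		log.Printf("AUDIT rejected, revocation status unavailable: serial=%v", serial)
		return ErrNoStatus
	}
	for _, rc := range crl.RevokedCertificates { // RevokedCertificateEntries in Go 1.21+
		if rc.SerialNumber.Cmp(serial) == 0 {
			log.Printf("AUDIT rejected, certificate revoked: serial=%v revoked_at=%v", serial, rc.RevocationTime)
			return ErrRevoked
		}
	}
	return nil
}

// DemoCRL builds a constructed test CA and a CRL signed by it that revokes serial 1002 (fixture, errors ignored).
func DemoCRL(now time.Time) (*x509.Certificate, *x509.RevocationList) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	ca, _ := x509.ParseCertificate(caDER)
	revoked := []pkix.RevokedCertificate{{SerialNumber: big.NewInt(1002), RevocationTime: now}}
	crlDER, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour), RevokedCertificates: revoked}, ca, key)
	crl, _ := x509.ParseRevocationList(crlDER)
	return ca, crl
}

func main() {
	ca, crl := DemoCRL(time.Now())
	log.Printf("shown to user: access refused, %v", CheckCRL(big.NewInt(1002), ca, crl, time.Now()))
}
```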