
Certificate Revocation

Objective: Ensure your system correctly performs the certificate validity check.

Guidelines: 

  • The deployed system should be able to check certificate validity, i.e. to check that the certificate has not been revoked. Two protocols are used:
    • OCSP (Online Certificate Status Protocol) and/or
    • CRL (Certificate Revocation List).
  • Ensure that revoked certificates are rejected by the system, and log the event for auditing purposes.
  • The user should get a proper communication message in case a revoked certificate is used.
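
One way to combine these guidelines into a single decision, shown as an added example rather than code from this page. It assumes the OCSP response and the CRL were already fetched and signature-verified by the caller; the function names, logger name, message wording, the OCSP-then-CRL order and the fail-closed choice are all assumptions.

```python
import logging
from datetime import datetime, timedelta, timezone

audit = logging.getLogger("cert.audit")  # hypothetical audit logger name

# Constructed user-facing messages (wording is an assumption).
USER_MSG = {
    "revoked": "Your certificate has been revoked. Contact your administrator.",
    "undetermined": "Certificate status could not be verified. Try again later.",
}

def _reject(serial, reason, source):
    # Every rejection is written to the audit log before the caller is told.
    audit.warning("cert rejected serial=%s reason=%s source=%s", serial, reason, source)
    return False, USER_MSG[reason]

def _accept(serial, source):
    audit.info("cert accepted serial=%s source=%s", serial, source)
    return True, ""

def check_revocation(serial, ocsp_status=None, crl=None, now=None):
    """Return (accepted, user_message) for one certificate serial.

    ocsp_status: "good", "revoked", "unknown", or None if no responder answered.
    crl: {"revoked": set of serials, "next_update": aware datetime}, or None.
    """
    now = now or datetime.now(timezone.utc)
    if ocsp_status == "revoked":
        return _reject(serial, "revoked", "ocsp")
    if ocsp_status == "good":
        return _accept(serial, "ocsp")
    # OCSP said "unknown" or did not answer: fall back to a CRL that is still current.
    if crl is not None and crl["next_update"] > now:
        if serial in crl["revoked"]:
            return _reject(serial, "revoked", "crl")
        return _accept(serial, "crl")
    # No current answer from either source: fail closed (policy assumption).
    return _reject(serial, "undetermined", "none")

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample data: serial "0A" is listed on a CRL valid for one more day.
    sample_crl = {"revoked": {"0A"},
                  "next_update": datetime.now(timezone.utc) + timedelta(days=1)}
    print(check_revocation("0A", crl=sample_crl))
    print(check_revocation("0B", ocsp_status="unknown", crl=sample_crl))
```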