X509CRL

X509CRL, or X.509 Certificate Revocation List, is a standard format for a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. The primary purpose of a CRL is to provide a mechanism for distributing information about certificates that should no longer be trusted, due to reasons such as private key compromise, certificate mis-issuance, or changes in the certificate's status.

A CRL is a signed data structure that contains a list of revoked certificates, each identified by

CRLs are typically distributed via HTTP or LDAP, and clients can periodically check the CRL to ensure

While CRLs are widely used, they have some limitations, such as the potential for large CRLs, which