Wednesday 27 May 2009

Viewing a Certificate Revocation List (CRL)

A certificate revocation list contains serial numbers for certificates that has been revoked. A revoked certificate should not be trusted. The revokation lists are available at each Certificate Authority, such as Verisign.

I had problems finding information on how to view the contents of a .crl file, so hopefully this will help you. To view the revocation list in plain text, you can use the openssl command line tool:
openssl crl -inform DER -in Class3Commercial.crl -text -noout

Certificate Revocation List (CRL):
Version 1 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/
repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/CN=VeriSign Class 3 CA - Commercial
Content/Software Publisher
Last Update: Apr 15 10:00:08 2009 GMT
Next Update: Apr 25 10:00:08 2009 GMT
Revoked Certificates:
Serial Number: 010E4C379581BA0566F7C99FB5924E20
Revocation Date: Nov 28 17:46:46 2000 GMT
Serial Number: 0110E0DF875EDB73D8F276C87615D025
Revocation Date: Sep 13 21:08:20 1999 GMT
Serial Number: 0118A8D557A89E6B3BBA6DFA5119C8D9
Revocation Date: Jan 25 21:37:21 2000 GMT
Serial Number: 012FADDC287FE873AF9771C160774F0E
Revocation Date: Jul 13 23:31:00 2001 GMT
...

No comments:

Post a Comment