Certificate Revocation Lists (CRLs)
One-liner: Publicly accessible list of digital certificates that have been revoked before their expiration date.
🎯 What Is It?
A Certificate Revocation List (CRL) is a signed data file published by a Certificate Authority (CA) that lists the certificates it has revoked and that should no longer be trusted. CRLs are a critical component of PKI security: they let clients check that a certificate has not been revoked (for example, because its private key was compromised) before relying on it.
📝 CRL Structure
```
┌────────────────────────────────┐
│ Certificate Revocation List    │
├────────────────────────────────┤
│ Issuer: CN=DigiCert CA         │
│ This Update: 2024-12-30        │
│ Next Update: 2025-01-06        │
│ Revoked Certificates:          │
│   - Serial: 123456             │
│     Revocation Date: 2024-12-25│
│     Reason: Key Compromise     │
│   - Serial: 789012             │
│     Revocation Date: 2024-12-28│
│     Reason: Cessation of Op    │
│ Signature: <CA signature>      │
└────────────────────────────────┘
```
Key Fields
- Issuer — CA that issued the CRL
- This Update — When CRL was published
- Next Update — When next CRL will be published
- Revoked Certificates — List of revoked certificate serial numbers
- Revocation Date — When certificate was revoked
- Reason Code — Why certificate was revoked
- Signature — CA's digital signature (proves authenticity)
🚫 Revocation Reasons
| Reason Code | Meaning | Example |
|---|---|---|
| Key Compromise | Private key exposed | Server breach, stolen key |
| CA Compromise | CA itself compromised | DigiNotar breach (2011) |
| Affiliation Changed | Owner changed organization | Employee left company |
| Superseded | New certificate issued | Renewal, key rotation |
| Cessation of Operation | Service discontinued | Domain no longer owned |
| Certificate Hold | Temporary suspension | Investigation pending |
| Privilege Withdrawn | Access revoked | Terminated employee |
🔄 How CRL Checking Works
```
1. Client receives certificate from server
        ↓
2. Client extracts CRL Distribution Point URL from certificate
   Example: http://crl.digicert.com/ca.crl
        ↓
3. Client downloads CRL from CA
        ↓
4. Client checks if certificate serial number is in CRL
        ↓
5. If found in CRL:  → Certificate is REVOKED (reject connection)
   If NOT found:     → Certificate is valid (proceed)
```
Certificate with CRL Distribution Point
```
X509v3 CRL Distribution Points:
    Full Name:
      URI:http://crl.digicert.com/DigiCertGlobalRootCA.crl
```
⚡ CRL Types
1. Base CRL
Complete list of ALL revoked certificates.
Size: Large (can be 10MB+)
Update Frequency: Weekly or monthly
2. Delta CRL
Only contains changes since last base CRL.
Size: Small
Update Frequency: Daily or hourly
Usage:
Base CRL (issued Jan 1) + Delta CRL (Jan 15) = Complete list
❌ CRL Limitations
1. Size Problem
Large CAs:
- Millions of certificates
- CRL size: 10-100 MB
- Slow download on mobile/slow connections
2. Update Latency
```
Certificate compromised:   12:00 PM
CA publishes CRL:          Next day (24 hours later)
Client downloads CRL:      36 hours after compromise
→ Gap during which the revoked certificate is still trusted
```
3. Soft-Fail Problem
If client can't download CRL:
- Soft-fail — Accept certificate anyway (security risk)
- Hard-fail — Reject certificate (availability risk)
Most browsers use soft-fail → revoked certificates may be accepted.
4. Caching Issues
Clients cache CRLs for performance → may use stale CRL.
✅ Alternative: OCSP (Online Certificate Status Protocol)
CRL vs OCSP
| Feature | CRL | OCSP |
|---|---|---|
| Method | Download entire list | Query single certificate |
| Size | Large (10-100 MB) | Small (few KB) |
| Latency | High (hours/days) | Low (real-time) |
| Bandwidth | High | Low |
| Privacy | Better (no per-cert query) | Worse (CA sees what you're checking) |
| Adoption | Legacy | Modern (preferred) |
OCSP Workflow
```
1. Client sends OCSP request for specific certificate
        ↓
2. OCSP responder (CA) replies:
   - Good (not revoked)
   - Revoked (with reason)
   - Unknown (no info)
        ↓
3. Client makes decision
```
OCSP Stapling
Server fetches OCSP response and "staples" it to certificate during TLS handshake.
Benefit:
- Client doesn't contact CA (privacy)
- Faster (no extra round-trip)
💻 Viewing CRLs
Download CRL
```bash
# Download CRL
wget http://crl.digicert.com/DigiCertGlobalRootCA.crl

# View CRL contents (the file is DER-encoded, hence -inform DER)
openssl crl -in DigiCertGlobalRootCA.crl -inform DER -text -noout
```
Example Output
```
Certificate Revocation List (CRL):
    Issuer: /C=US/O=DigiCert Inc/CN=DigiCert Global Root CA
    Last Update: Dec 30 12:00:00 2024 GMT
    Next Update: Jan 6 12:00:00 2025 GMT
Revoked Certificates:
    Serial Number: 0123456789ABCDEF
        Revocation Date: Dec 25 08:30:00 2024 GMT
        CRL Reason: Key Compromise
```
Check Certificate Revocation Status
```bash
# Check certificate against CRL (non-zero exit and "certificate revoked" if the serial is listed)
openssl verify -crl_check -CRLfile ca.crl -CAfile ca.crt certificate.crt

# Check via OCSP (add -CAfile ca.crt to also verify the responder's signature)
openssl ocsp -issuer ca.crt -cert certificate.crt \
    -url http://ocsp.digicert.com
```
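To see the whole cycle behind the checking workflow, the reason codes and the `openssl verify -crl_check` command above, here is an added example (not code from this page or from the OpenSSL project): a throwaway CA built with `openssl ca` issues a certificate, publishes an empty CRL, passes the check, then revokes the certificate with reason `keyCompromise` and republishes the CRL so the same check fails. The CA name `Example Test CA`, the server name `server.example.test` and all file names are made up, and the script needs the `openssl` binary on PATH.

```shell
# Added example (not from this page): a throwaway CA built with "openssl ca",
# used to issue, revoke and CRL-check one certificate. Needs openssl on PATH.
set -eu
WORK=$(mktemp -d); cd "$WORK"
setup_ca() {
  mkdir -p demoCA/newcerts; : > demoCA/index.txt   # empty CA database
  echo 01 > demoCA/serial
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca         = CA_default
[ CA_default ]
dir                = ./demoCA
database           = $dir/index.txt
new_certs_dir      = $dir/newcerts
certificate        = ./ca.crt
private_key        = ./ca.key
serial             = $dir/serial
default_md         = sha256
default_days       = 365
default_crl_days   = 7          # Next Update = This Update + 7 days
policy             = policy_any
[ policy_any ]
commonName         = supplied
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints   = critical, CA:TRUE
keyUsage           = critical, keyCertSign, cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Example Test CA" -days 365 -config ca.cnf 2>/dev/null
}
issue_cert() {   # CSR for a made-up server name, signed by the test CA
  openssl req -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
    -subj "/CN=server.example.test" -config ca.cnf 2>/dev/null
  openssl ca -batch -config ca.cnf -in srv.csr -out srv.crt 2>/dev/null
}
publish_crl() { openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null; }
revoke_cert() {  # marks the cert revoked in index.txt; takes effect on next publish
  openssl ca -config ca.cnf -revoke srv.crt -crl_reason keyCompromise 2>/dev/null
}
crl_check() {    # prints "valid" or "revoked"; verify also rejects a stale CRL
  if openssl verify -crl_check -CRLfile ca.crl -CAfile ca.crt srv.crt >/dev/null 2>&1
  then echo valid; else echo revoked; fi
}
# Demo run: the same check passes before revocation and fails after it
setup_ca; issue_cert; publish_crl; crl_check
revoke_cert; publish_crl; crl_check
```

After the run, `openssl crl -in ca.crl -noout -text` shows serial 01 with `X509v3 CRL Reason Code: Key Compromise`, the same fields the example output above lists for a real CA.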
🔒 Security Considerations
1. CRL Integrity
CRLs are signed by CA to prevent tampering.
```
Attacker modifies CRL → removes compromised cert
→ Signature verification FAILS
→ Client rejects CRL
```
2. Replay Attacks
Attack: Attacker serves old CRL (before revocation).
Defense:
- Clients check "Next Update" field
- Reject stale CRLs
3. Denial of Service
Attack: Block access to CRL distribution point.
Impact: Clients can't verify revocation (soft-fail = accept anyway).
Defense:
- Multiple CRL distribution points
- OCSP as backup
- Certificate Transparency logs
📊 Real-World Impact
Heartbleed (2014)
- OpenSSL vulnerability exposed private keys
- Massive certificate revocations
- CRL sizes exploded
- Demonstrated CRL scalability problems
Let's Encrypt
- Short-lived certificates (90 days)
- Reduces need for revocation
- OCSP preferred over CRL
🎤 Interview Angles
Q: What is a CRL and why is it needed?
- List of certificates revoked before expiration
- Published by Certificate Authority
- Allows clients to check if certificate is still trusted
- Needed when private keys are compromised, certificates misused, etc.
- Part of PKI security model
Q: What are the limitations of CRLs?
- Size: Can be 10-100 MB for large CAs (slow download)
- Latency: Updated periodically (hours/days), not real-time
- Soft-fail: If CRL unavailable, most browsers accept certificate anyway
- Caching: Clients may use stale CRL
- Scalability: Doesn't scale well for large PKI deployments
Q: What's the difference between CRL and OCSP?
| Aspect | CRL | OCSP |
|---|---|---|
| Data | Entire revocation list | Single certificate status |
| Size | Large (MBs) | Small (KBs) |
| Speed | Slow, periodic updates | Fast, real-time |
| Privacy | Better (no per-cert query) | Worse (CA sees queries) |
| Modern Use | Legacy/backup | Primary method |
Q: How would you handle a compromised certificate?
STAR Example:
Situation: Server private key was exposed in security breach.
Task: Prevent attackers from using compromised certificate.
Action:
- Contacted CA immediately to revoke certificate
- CA added to CRL and updated OCSP responder
- Generated new key pair on secure system
- Requested new certificate from CA
- Deployed new certificate and monitored for issues
Result: Revoked certificate appeared in CRL within 2 hours; new certificate deployed same day; no successful impersonation attempts detected.
🔗 Related Concepts
- Public Key Infrastructure — Overall framework
- Key Revocation — Revocation process
- Authentication — Primary use case
- Key Management Lifecycle (KML) — Full lifecycle