Results 1 to 6 of 6

Thread: crl (certificate relocation list)

  1. #1

    Question crl (certificate relocation list)

    Hello to everyone;

    I need and information about the validation of the certificates and the meaning of the crl in the conf file.

    I'm user of the suse 10.3 version, and using ssl on it.
    For my purposes I have created certificates with validation of 10 years. But in mine .conf and .cnf files the crl is set on 365 (which I tested and this are days).

    Question(1): Does this means that after the 365 days I have to create new certificates?

    Question(2): If I change the value now, before expiring the certificates, do I have to create new certificates.

    Thank you

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: crl (certificate revocation list)

    CRL stands for Certificate Revocation List. See here: Certificate revocation list - Wikipedia, the free encyclopedia

    After 365 days your certificate is no longer valid and users will be warned. You can change the initial period to something longer.

    You can extend the validity of current certificates, see openssl documentation.

  3. #3

    Default Re: crl (certificate relocation list)

    Thx for the info.
    It was of great help

    No i even know the real meaning of crl

    So this means that after the period of 365 days i have to cerate new certificates even if my certificates are still valid?

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: crl (certificate relocation list)

    No, it means that after 365 days the certificate is invalid. The not valid before and not valid after dates are integral parts of the certificate. A certificate that is out of its valid use period is simply not valid.

  5. #5

    Default Re: crl (certificate relocation list)

    Sorry, but I'm little lost here..

    What will happend after the 365 days are gone and my cert are still valid? I read that after the crl time is passed, the cert will be revoked and will be no active. But my cert will be still valid and after the 365 days are gone.

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: crl (certificate relocation list)

    After 365 days, the clients will see that the cert has expired and give a warning to the user not to trust it. As I said the expiry date is encoded in the cert.

    CRLs have nothing to do with this expiry. CRLs are only used when you need to invalidate a cert early for various reasons. See the Wikipedia entry.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •