crl (certificate relocation list)

Hello to everyone;

I need some information about the validation of the certificates and the meaning of the crl in the conf file.

I’m a user of the SUSE 10.3 version, and I’m using SSL on it.
For my purposes I have created certificates with a validity of 10 years. But in my .conf and .cnf files the crl is set to 365 (which I tested, and these are days).

Question (1): Does this mean that after the 365 days I have to create new certificates?

Question (2): If I change the value now, before the certificates expire, do I have to create new certificates?

Thank you

CRL stands for Certificate Revocation List. See here: Certificate revocation list - Wikipedia, the free encyclopedia

After 365 days your certificate is no longer valid and users will be warned. You can change the initial period to something longer.

You can extend the validity of current certificates, see openssl documentation.

Thx for the info.
It was of great help :slight_smile:

Now I even know the real meaning of crl :shame:

So this means that after the period of 365 days I have to create new certificates even if my certificates are still valid?

No, it means that after 365 days the certificate is invalid. The not valid before and not valid after dates are integral parts of the certificate. A certificate that is out of its valid use period is simply not valid.

Sorry, but I’m a little lost here…

What will happen after the 365 days are gone and my certs are still valid? I read that after the crl time has passed, the cert will be revoked and will no longer be active. But my cert will still be valid even after the 365 days are gone.

After 365 days, the clients will see that the cert has expired and give a warning to the user not to trust it. As I said the expiry date is encoded in the cert.

CRLs have nothing to do with this expiry. CRLs are only used when you need to invalidate a cert early for various reasons. See the Wikipedia entry.
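
Added example, not from any post in this thread: a scratch CA that issues a certificate for 3650 days and a CRL with `default_crl_days = 365`, then reads back the certificate's notAfter and the CRL's nextUpdate and runs a CRL-checking verification at two future dates. It assumes the "crl ... 365" setting discussed above is OpenSSL's `default_crl_days`; the file names, the `Demo CA` subject and the temp directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; every name and path is constructed.
set -e

# Create a self-signed cert valid 3650 days and a CRL with default_crl_days = 365.
make_demo() {
    d=$(mktemp -d)
    : > "$d/index.txt"                      # empty CA database: nothing revoked
    cat > "$d/demo.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = $d/index.txt
default_md       = sha256
default_crl_days = 365
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$d/demo.cnf" \
        -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl ca -gencrl -config "$d/demo.cnf" -keyfile "$d/ca.key" \
        -cert "$d/ca.crt" -out "$d/ca.crl" 2>/dev/null
    echo "$d"
}

# Expiry year stored in the certificate (notAfter) and in the CRL (nextUpdate).
cert_end_year() { openssl x509 -in "$1/ca.crt" -noout -enddate | awk '{print $4}'; }
crl_next_year() { openssl crl -in "$1/ca.crl" -noout -nextupdate | awk '{print $4}'; }

# Output of a CRL-checking verification as it would run N days from now.
verify_in_days() {
    at=$(( $(date +%s) + $2 * 86400 ))
    openssl verify -attime "$at" -crl_check -CAfile "$1/ca.crt" \
        -CRLfile "$1/ca.crl" "$1/ca.crt" 2>&1 || true
}

demo=$(make_demo)
echo "certificate notAfter year: $(cert_end_year "$demo")"
echo "CRL nextUpdate year:       $(crl_next_year "$demo")"
echo "--- day 30 ---";  verify_in_days "$demo" 30
echo "--- day 400 ---"; verify_in_days "$demo" 400
```

The two dates are stored in different objects: re-running the `openssl ca -gencrl` step produces a fresh CRL with a new nextUpdate and leaves the certificate file unchanged.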