Subject: What's the order then?
Author: X509
In response to: How many ways are there to do certificate revocation checking ?
Posted on: 07/01/2010 02:49:19 PM
The three ways can be activated at the same time for certificate checking, but the process follows the order:
OCSP --> CRLDP --> CRL File
If the incoming certificate passes the OCSP checkpoint, then CRLDP follows, and the CRL file comes last.
>
> On 06/25/2010 10:16:23 PM X509 wrote:
There are three ways to do certificate revocation checking:
1) Statically by CRL (Certificate Revocation List) files, which are typically in local storage;
2) Dynamically by CRL Distribution Point (CRLDP) which is inside the target certificate as a URL typically pointing to the issuer's CA CRL repository;
3) Dynamically by OCSP to any server which provides Certificate Revocation Checking service.