Tag Archives: Revocation

SSL Certificate Status Checking

March 12, 2013 by Bruce Morton     No Comments

As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs on the importance of revocation checking

Short-Lived Certificates

August 21, 2012 by Bruce Morton     2 Comments

Certificate revocation is a current SSL industry issue. There are many causes to the problem. Some end-users do not have certificate-revocation checking turned on. Browsers support CRL or OCSP, but in some cases not both. The certification authorities (CA) may not provide reliable revocation responses. And what if there are no revocation responses from a [Read More...]

Digital Certificate Revocation – What the Future Holds

April 19, 2012 by Tim Moses     No Comments

When you tell people that revocation doesn’t work, they tend to look at you incredulously: “You’ve got all these solutions: full CRLs, CRL distribution points, delta-CRLs, indirect CRLs, OCSP, stapled OCSP. Surely one of those will work.” That’s the problem, right there. There are so many protocol and configuration choices that no two products or [Read More...]