When you visit website sometimes, a warning pop up on your screen stating, “The certificate is revoked”. Certificate revocation is intended to alert users about an untrusted website and to save user against fraud and threats.
Why does it happen?
- A Certificate can be revoked if user has private key been compromised.
- A certificate had been issued improperly.
- Identified entity failed to follow policy requirements like issue of false documents, falsification of software behavior, and violation of policy norms by the CA or customer.
CRL and OCSP Method:
There are CRL (certificate revocation list) and OCSP (online certificate status protocol) stapling method to check the status of certificate for browsers. OCSP provides information about SSL certificate issued from CA while CRL provides a list of revoked certificates.
On finding, such “Revoked certificate error” user should check the certificate by viewing it. If the date is expired, then user must report to the admin of the website. However if the date is not expired then consult with SSL certificate provider. Besides all, there is an automatic root certificate update set in window, which regularly update the list of root certificate on user’s PC.
SSL security is a matter of great concern and one should not be careless, as ultimately it is the matter of your business’s reputation and security.