CRL Preparation
Summary
This article provides a concise guide to working with X.509 certificate revocation lists (CRLs). CRLs are used to track certificates that have been revoked, and are an important part of maintaining the security of a PKI. This guide will cover how to:
- Verify the timestamp of a CRL
- Download a CRL
- Prepare a custom datum_t structure for a CRL
Verifying the timestamp of a CRL
The first step in working with a CRL is to verify its timestamp. This ensures that the CRL is up to date; together with the issuer's signature on the CRL, it guards against a stale or tampered list being used.
To verify the timestamp of a CRL, you can use the crl command from OpenSSL.
Downloading a CRL
Once you have verified the timestamp of a CRL, you can download it. This can be done using the wget command.
Preparing a custom datum_t structure for a CRL
Once you have downloaded a CRL, you can prepare a custom datum_t structure to store it. This structure will be used by your application to track the revoked certificates.
The datum_t structure should include the following fields:
- A pointer to the CRL
- The length of the CRL
- The timestamp of the CRL
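A sketch of such a structure, added here as an example and not taken from the original article or from any library: it wraps a DER-encoded CRL and fills the timestamp field by walking the encoding down to thisUpdate. The names crl_datum_t, der_next, der_time, crl_datum_init and sample_crl are hypothetical, and using thisUpdate as "the timestamp" is an assumption.

```c
#include <stddef.h>
#include <string.h>
/* Custom datum (hypothetical name): pointer to the CRL, its length, its timestamp. */
typedef struct {
    const unsigned char *data; size_t size;  /* DER-encoded CRL (not copied), length */
    char this_update[16];                    /* thisUpdate as "YYYYMMDDHHMMSSZ", UTC */
} crl_datum_t;
/* Constructed skeleton for the demo: TBSCertList up to thisUpdate, no signature. */
static const unsigned char sample_crl[] = { 0x30,0x18, 0x30,0x16, 0x02,0x01,0x01,
    0x30,0x00, 0x30,0x00, 0x17,0x0d, '2','4','0','1','0','1','0','0','0','0','0','0','Z' };

/* Read the DER element at *p: return its tag (-1 if malformed), set body/len, step past it. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    const unsigned char **body, size_t *len) {
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++, cnt = n & 0x7f;
    if (n & 0x80) {                          /* long form: cnt length bytes follow */
        if (cnt == 0 || cnt > 4 || (size_t)(end - *p) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *(*p)++;
    }
    if (n > (size_t)(end - *p)) return -1;   /* body must fit inside the parent */
    *body = *p; *len = n; *p += n;
    return tag;
}

/* Normalise UTCTime (0x17) or GeneralizedTime (0x18) to "YYYYMMDDHHMMSSZ". */
static int der_time(const unsigned char *s, size_t len, int tag, char out[16]) {
    size_t yd = (tag == 0x17) ? 2 : 4;       /* digits in the encoded year */
    if ((tag != 0x17 && tag != 0x18) || len != yd + 11 || s[len - 1] != 'Z') return -1;
    for (size_t i = 0; i + 1 < len; i++) if (s[i] < '0' || s[i] > '9') return -1;
    if (tag == 0x17) memcpy(out, s[0] < '5' ? "20" : "19", 2);  /* RFC 5280 century rule */
    memcpy(out + 4 - yd, s, len);
    out[15] = '\0';
    return 0;
}

/* Fill the datum: CertificateList -> TBSCertList -> [version] sigAlg issuer thisUpdate. */
int crl_datum_init(crl_datum_t *d, const unsigned char *der, size_t size) {
    const unsigned char *p = der, *b = der, *end; size_t n = 0;
    if (der_next(&p, der + size, &b, &n) != 0x30) return -1;  /* b = CertificateList body */
    if (der_next(&b, b + n, &p, &n) != 0x30) return -1;       /* p = TBSCertList body */
    end = p + n;
    int tag = der_next(&p, end, &b, &n);
    if (tag == 0x02) tag = der_next(&p, end, &b, &n);         /* optional version */
    if (tag != 0x30 || der_next(&p, end, &b, &n) != 0x30) return -1;  /* sigAlg, issuer */
    tag = der_next(&p, end, &b, &n);                          /* thisUpdate */
    d->data = der; d->size = size;
    return der_time(b, n, tag, d->this_update);               /* -1: datum unusable */
}
```

Because this_update is a fixed-width UTC string, strcmp() on two datums orders the CRLs by issue time. The parser only locates the timestamp; it does not check the CRL's signature.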