
Status Checking

In general, before trusting a party’s certificate for an important transaction, you should check to make sure that it is still valid, and has not been revoked. This is called checking its status. If the certificate does not come back as valid, proceed with the transaction at your own risk.

The process, and the potential consequences for not doing it, is similar to the common practice of a merchant authorizing your credit card before accepting it as payment.

Status checking is normally performed by consulting information from the certificate’s issuing CA, either a published CRL or an OCSP responder. Additionally, as pointed out in a Microsoft paper on certificate status checking in closed PKI environments [407] (rather than public environments with external CAs), other protocols can be used to perform similar validity checks, depending on how the CA wishes to set it up. Be aware that many email clients are notoriously bad at checking for revoked certificates, so when sending or receiving signed email, you may wish to check certificate validity independently.

A certificate status check may tell you the certificate status (valid, suspended, revoked, or expired) as well as a reason code explaining the current status (such as “requested by user”, “compromise suspected”, etc.).
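The following added example (not part of the original guide) shows the decision a relying party makes from CRL data, including the case where the CRL itself is out of date. The `Cert` and `Crl` classes are hypothetical simplified models and the sample data is constructed; a real check would first verify the CRL's signature against the issuing CA.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Status(Enum):
    VALID = "valid"
    SUSPENDED = "suspended"
    REVOKED = "revoked"
    EXPIRED = "expired"
    UNKNOWN = "unknown"  # no current revocation data; never treat as valid

# CRL reason codes from RFC 5280 section 5.3.1 (7 is unused; 8 appears only in delta CRLs).
REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise",
           3: "affiliationChanged", 4: "superseded", 5: "cessationOfOperation",
           6: "certificateHold", 8: "removeFromCRL", 9: "privilegeWithdrawn",
           10: "aACompromise"}

@dataclass
class Cert:  # hypothetical model: serial number and expiry only
    serial: int
    not_after: datetime

@dataclass
class Crl:  # hypothetical model of a full CRL whose signature was already verified
    this_update: datetime
    next_update: datetime
    entries: dict  # serial -> reason code

def check_status(cert, crl, now):
    """Return (Status, reason) for cert at time `now`."""
    # A CRL outside its thisUpdate..nextUpdate window says nothing about the present.
    if not crl.this_update <= now <= crl.next_update:
        return Status.UNKNOWN, "CRL not current"
    if cert.serial in crl.entries:
        code = crl.entries[cert.serial]
        reason = REASONS.get(code, "unspecified")
        # certificateHold is a reversible suspension; every other code is permanent.
        return (Status.SUSPENDED if code == 6 else Status.REVOKED), reason
    if now > cert.not_after:
        return Status.EXPIRED, "validity period ended"
    return Status.VALID, None

# Constructed sample data, not taken from any real CA.
UTC = timezone.utc
SAMPLE_CRL = Crl(datetime(2004, 11, 1, tzinfo=UTC), datetime(2004, 11, 8, tzinfo=UTC),
                 {0x1001: 1, 0x1002: 6})
NOW = datetime(2004, 11, 3, tzinfo=UTC)

if __name__ == "__main__":
    for serial in (0x1001, 0x1002, 0x2000):
        cert = Cert(serial, datetime(2005, 6, 1, tzinfo=UTC))
        print(hex(serial), check_status(cert, SAMPLE_CRL, NOW))
```

A caller should proceed only when the result is `Status.VALID`; `UNKNOWN` means fresh revocation data must be fetched before the certificate is trusted.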

Checking Digital Certificates

Before trusting a party based on their digital certificate, you should check the status of the certificate to make sure that it is still valid and has not been revoked or expired. Often, if the status is anything other than valid, the status check response will list a reason for the current status, such as “compromise suspected.”




CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.