Advanced electronic signature services
Secure and confidential electronic transactions

Certification Authority

Certificate Revocation List

Revoking a certificate means cancelling its validity prior to its expiry dates; as a result, any digital signature with this certificate as of the revocation date is no longer valid.

A CRL (Certificate Revocation List) is a directory listing the certificates that are no longer valid in the electronic signature process; EDICOM Certification Authority updates the lists at least once every 24 hours.

You can also check the revocation status of certificates by queries to the EDICOM Validation Services through the OCSP (Online Certificate Status Protocol). This protocol lets you determine the state of a certificate without having to check all the lists that make up the CRL.

An application or OCSP client sends a certificate status query to the EDICOM Certification Authority which, after checking its database, responds by HTTP with the situation of the certificate in question.

Online Certificate Status Protocol

The OCSP lets you determine the revocation status of a digital X.509 certificate automatically. The protocol is described in RFC 2560 and is in the Internet Standards Register.

The tools developed by EDICOM for the rollout of B2B e-commerce models work as OCSP clients to check the validity of certificates used in electronic documents received.