1page_revoke(3) Heimdal x509 library page_revoke(3)
2
6 page_revoke - Revocation methods There are two revocation method for
7 PKIX/X.509: CRL and OCSP. Revocation is needed if the private key is
8 lost and stolen. Depending on how picky you are, you might want to make
9 revocation for destroyed private keys too (smartcard broken), but that
10 should not be a problem.
11 CRL is a list of certifiates that have expired.
13 OCSP is an online checking method where the requestor sends a list of
15 certificates to the OCSP server to return a signed reply if they are
16 valid or not. Some services sends a OCSP reply as part of the hand-
17 shake to make the revoktion decision simpler/faster for the client.
18Version 7.8.0 Tue Nov 15 2022 page_revoke(3)