1page_revoke(3) Heimdalx509library page_revoke(3)
2
6 page_revokeRevocation methods
7 - There are two revocation method for PKIX/X.509: CRL and OCSP.
8 Revocation is needed if the private key is lost and stolen. Depending
9 on how picky you are, you might want to make revocation for destroyed
10 private keys too (smartcard broken), but that should not be a problem.
11 CRL is a list of certifiates that have expired.
13 OCSP is an online checking method where the requestor sends a list of
15 certificates to the OCSP server to return a signed reply if they are
16 valid or not. Some services sends a OCSP reply as part of the hand-
17 shake to make the revoktion decision simpler/faster for the client.
18Version 7.7.0 Fri Jun 7 2019 page_revoke(3)