Although still usable, this Certificate Authority application now has legacy status.
The new UW Certificate Services
application provides consolidated certificate request and management functions
for both the UW Services CA and the InCommon CA.
See the UW Certificate Services documentation for a comparison of CA features.
Working with the CRL
Using the Certificate Revocation List (CRL)
The CRL identifies those certificates that the UW CA
has determined are no longer valid and has revoked.
Use of a CRL is not necessary, but does enhance the
security of your client or service.
Specific use depends on your application.
PEM format is convenient
because you can copy the text from your browser
and paste it into an application or file. The CRL in DER format
contains unprintable characters and does not lend itself
to the copy and paste method.
Many applications can,
however, work more easily with the DER format.
In addition, certificates issued by the CA contain CRL
distribution point information. Someday soon software
products will automatically make use of that information -
thereby obviating the manual distribution method.
- You can click on the DER format link and
load the CRL into most browsers.
- Be advised, however, that the CRL will have to be
reloaded when it expires, or else your browser
will not accept our certificates.
Apache web servers
Programs using the OpenSSL library
- OpenSSL does not automatically check for certificate revocation.
You have to do that by hand in the verifier callback.
- We at present have no example.
- You could reference the mod_ssl example.
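
The following is an added example, not part of the original UW CA page or its tooling. It uses the openssl command-line tool (instead of a library verifier callback) to show a certificate passing verification against a CRL, then failing once a CRL that lists it is loaded, and it writes the CRL in both PEM and DER form. The CA, certificate, CRL and all file and function names are constructed for the demonstration.

```sh
# Constructed demo: throwaway CA, one leaf certificate and its CRL.
# Needs the openssl command-line tool; every file name here is hypothetical.
make_demo_pki() {    # run inside an empty working directory
  cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial
  openssl req -x509 -newkey rsa:2048 -nodes -config demo.cnf \
    -keyout ca.key -out ca.pem -days 30 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
    -subj "/CN=leaf.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null &&
  openssl ca -batch -notext -config demo.cnf -cert ca.pem -keyfile ca.key \
    -in leaf.csr -out leaf.pem 2>/dev/null && publish_crl
}
publish_crl() {      # sign a fresh PEM CRL, then write the DER form of it
  openssl ca -gencrl -config demo.cnf -cert ca.pem -keyfile ca.key -out crl.pem 2>/dev/null &&
  openssl crl -in crl.pem -outform DER -out crl.der
}
revoke_leaf() {      # mark the leaf revoked in index.txt and reissue the CRL
  openssl ca -config demo.cnf -cert ca.pem -keyfile ca.key \
    -revoke leaf.pem 2>/dev/null && publish_crl
}
revocation_status() { # prints good, revoked or error
  out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem leaf.pem 2>&1) || true
  case $out in *"certificate revoked"*) echo revoked ;; *": OK"*) echo good ;; *) echo error ;; esac
}
cd "$(mktemp -d)" && make_demo_pki || exit 1
echo "before: $(revocation_status)"; revoke_leaf; echo "after: $(revocation_status)"
openssl crl -in crl.der -inform DER -noout -nextupdate  # CRL must be reloaded by this time
```

Without -crl_check the same verify command reports the revoked certificate as OK, which is the behaviour the first bullet above describes.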
MS Windows applications
- Windows applications will find the DER format
of the CRL the most convenient.
- Click on the DER format link to allow your
system's certificate manager to install the list.