Excellent question — this gets into how TLS/SSL certificates are verified and how browsers or clients check whether a certificate is revoked (no longer trusted). Let’s break it down clearly and precisely:
Context: Certificate Validation
When a client (like a web browser) connects to a secure HTTPS server, it receives the server’s X.509 certificate.
Before trusting it, the client verifies:
1. The certificate is issued by a trusted CA (Certificate Authority).
2. The certificate is not expired.
3. The certificate has not been revoked (i.e., invalidated before expiry).
Step 3 (the revocation check) is where CRL and OCSP come in.
1. CRL – Certificate Revocation List
What It Is
CRL (Certificate Revocation List) is a list of certificates that have been revoked by the issuing Certificate Authority (CA).
It’s published periodically by the CA.
The CRL is a signed file that contains:
The serial numbers of revoked certificates.
The revocation date.
The reason for revocation (optional).
How It Works
The CA hosts the CRL file at a specific URL (usually http or https), called the CRL Distribution Point (CDP). This URL is embedded in every certificate the CA issues.
Example CRL field in a certificate:
X509v3 CRL Distribution Points:
    Full Name:
      URI:http://crl.exampleca.com/exampleca.crl
Verification Process
The client (e.g., browser) reads the CRL URL from the certificate.
It downloads the CRL file from the CA’s server.
It checks if the certificate’s serial number appears in the list.
If found → the certificate is revoked.
If not → it’s still valid.
⚠️ Limitations of CRL
CRLs can grow large (megabytes in size).
Clients must download the full file, which is slow and bandwidth-heavy.
Not real-time — revocation info might be outdated until the next CRL update.
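As an added example (not part of the original post), here is a Python model of the client-side CRL check described above, including the freshness caveat: the CRL carries a nextUpdate time, and a list past that time may be missing newer revocations. The CA name, key, serial numbers and dates are constructed, and the CA's real signature is replaced by an HMAC stand-in so the code runs offline without a crypto library.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the CA's private signing key. A real CRL is signed
# with the CA's RSA/ECDSA key and verified against the CA certificate; HMAC is
# used here only so the example runs without a crypto library.
CA_KEY = b"example-ca-signing-key"
CA_NAME = "CN=Example CA"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed "current time" for the demo


def sign_crl(tbs: dict) -> dict:
    """Wrap the to-be-signed CRL body with a signature over its canonical encoding."""
    body = json.dumps(tbs, sort_keys=True).encode()
    return {"tbs": tbs, "sig": hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()}


def verify_crl_signature(signed: dict) -> bool:
    """First client check: refuse any CRL the CA did not sign (or that was altered)."""
    body = json.dumps(signed["tbs"], sort_keys=True).encode()
    expected = hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def build_sample_crl(now: datetime = NOW) -> dict:
    """Constructed CRL: issuer, validity window, and the revoked entries."""
    tbs = {
        "issuer": CA_NAME,
        "this_update": now.isoformat(),
        "next_update": (now + timedelta(days=7)).isoformat(),
        "revoked": [
            {"serial": "0A1B2C", "date": (now - timedelta(days=2)).isoformat(),
             "reason": "keyCompromise"},
            {"serial": "0D0E0F", "date": (now - timedelta(days=30)).isoformat(),
             "reason": None},  # the reason code is optional
        ],
    }
    return sign_crl(tbs)


SAMPLE_CRL = build_sample_crl()


def at_offset_days(days: int) -> datetime:
    """A clock moved `days` days away from NOW, to simulate an aging CRL."""
    return NOW + timedelta(days=days)


def check_revocation(signed_crl: dict, serial: str, issuer: str, now: datetime = NOW) -> str:
    """Client-side CRL check for one certificate.

    Returns "revoked" if the serial is listed, "good" if it is not, and "stale"
    if the CRL's nextUpdate has passed (newer revocations may be missing).
    """
    if not verify_crl_signature(signed_crl):
        raise ValueError("CRL signature does not verify; do not trust its contents")
    crl = signed_crl["tbs"]
    if crl["issuer"] != issuer:
        raise ValueError("CRL was issued by a different CA than the certificate")
    if now > datetime.fromisoformat(crl["next_update"]):
        return "stale"
    for entry in crl["revoked"]:
        if entry["serial"] == serial:
            return "revoked"
    return "good"


if __name__ == "__main__":
    for serial in ("0A1B2C", "FFFFFF"):
        print(serial, check_revocation(SAMPLE_CRL, serial, CA_NAME))
    print("8 days later:", check_revocation(SAMPLE_CRL, "FFFFFF", CA_NAME, at_offset_days(8)))
```

The signature and issuer checks come before the membership lookup on purpose: an attacker who can serve an unsigned or edited CRL could otherwise simply omit the serial they care about, so a client must never act on a list it cannot verify.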
2. OCSP – Online Certificate Status Protocol
What It Is
OCSP (Online Certificate Status Protocol) is a real-time method for checking the revocation status of a specific certificate.
Instead of downloading a big list, the client queries the CA’s OCSP responder directly for the status of one certificate.
How It Works
The certificate includes the OCSP responder URL in a field called Authority Information Access (AIA).
Example OCSP field in a certificate:
Authority Information Access:
    OCSP - URI:http://ocsp.exampleca.com
    CA Issuers - URI:http://www.exampleca.com/exampleca.crt
Verification Process
The client sends an OCSP request to the responder, in effect asking: “Is the certificate with serial number XYZ123 revoked?”
The OCSP responder returns one of three statuses:
good → The certificate is valid.
revoked → The certificate is revoked.
unknown → The responder has no info (e.g., not issued by that CA).
⚡ Advantages of OCSP
Faster and more efficient than downloading entire CRLs.
Provides near real-time revocation information.
⚠️ Limitations
Requires network connectivity to the OCSP server.
If the OCSP responder is slow or unreachable, some clients may:
Soft fail: Assume the certificate is valid (browser still proceeds).
Hard fail: Block the connection (more secure but less tolerant).
3. OCSP Stapling (Optimization)
To reduce latency and protect privacy, servers can use OCSP stapling.
The server obtains a recent OCSP response from the CA and “staples” it to its TLS handshake.
This way, the browser doesn’t need to contact the CA itself.
This improves performance, security, and user privacy (since the CA no longer sees a request from every user).
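As an added example (not part of the original post), the following Python model covers both the OCSP exchange in section 2 and the stapling optimization in section 3: the responder answers good / revoked / unknown for a single serial, the client applies either a soft-fail or hard-fail policy when the responder is unreachable, and a server can fetch its own response in advance and staple it so the client needs no round trip to the CA. The serials, key, hostname and clock are constructed, and the responder's real signature is replaced by an HMAC stand-in so the code runs offline.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the OCSP responder's signing key (real responses are
# signed with the CA key or a delegated responder certificate).
RESPONDER_KEY = b"example-ocsp-responder-key"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
LATER = NOW + timedelta(days=2)  # a clock past the stapled response's nextUpdate

# Constructed view of what the CA knows about the certificates it issued.
ISSUED = {
    "XYZ123": {"revoked": False},
    "ABC999": {"revoked": True, "reason": "keyCompromise"},
}


def sign_response(tbs: dict) -> dict:
    body = json.dumps(tbs, sort_keys=True).encode()
    return {"tbs": tbs, "sig": hmac.new(RESPONDER_KEY, body, hashlib.sha256).hexdigest()}


def verify_response(signed: dict) -> bool:
    body = json.dumps(signed["tbs"], sort_keys=True).encode()
    expected = hmac.new(RESPONDER_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def ocsp_responder(request: dict, now: datetime = NOW) -> dict:
    """The CA side: answer "is serial X revoked?" with good / revoked / unknown."""
    serial = request["serial"]
    if serial not in ISSUED:
        status = "unknown"          # not a certificate this CA issued
    elif ISSUED[serial]["revoked"]:
        status = "revoked"
    else:
        status = "good"
    tbs = {"serial": serial, "status": status,
           "produced_at": now.isoformat(),
           "next_update": (now + timedelta(days=1)).isoformat()}
    return sign_response(tbs)


class ResponderUnreachable(Exception):
    """Raised when the OCSP server cannot be reached (timeout, blocked, down)."""


def unreachable_responder(request: dict) -> dict:
    raise ResponderUnreachable("ocsp.exampleca.com did not answer")  # constructed hostname


def server_staple(serial: str) -> dict:
    """The TLS server fetches its own status ahead of time and caches it to
    send ("staple") during the handshake."""
    return ocsp_responder({"serial": serial})


def client_check(serial: str, responder, hard_fail: bool = False,
                 stapled: dict = None, now: datetime = NOW) -> str:
    """Client side: prefer a fresh stapled response, otherwise query live.

    Returns the OCSP status ("good", "revoked" or "unknown"), "unavailable" on
    soft fail (the connection proceeds with no status), or "blocked" on hard fail.
    """
    response = None
    if stapled is not None and now <= datetime.fromisoformat(stapled["tbs"]["next_update"]):
        response = stapled           # no round trip to the CA, and the CA never sees the user
    if response is None:
        try:
            response = responder({"serial": serial})
        except ResponderUnreachable:
            return "blocked" if hard_fail else "unavailable"
    if not verify_response(response):
        raise ValueError("OCSP response signature does not verify")
    if response["tbs"]["serial"] != serial:
        raise ValueError("OCSP response is for a different certificate")
    return response["tbs"]["status"]


if __name__ == "__main__":
    for serial in ("XYZ123", "ABC999", "NOPE00"):
        print(serial, client_check(serial, ocsp_responder))
    print("responder down, soft fail:", client_check("XYZ123", unreachable_responder))
    print("responder down, hard fail:", client_check("XYZ123", unreachable_responder, hard_fail=True))
    print("responder down, stapled:", client_check("XYZ123", unreachable_responder,
                                                   stapled=server_staple("XYZ123")))
```

Two details matter for defenders: a stapled response is only accepted while it is fresh (otherwise the client falls back to a live query, which under soft fail silently yields "unavailable"), and the response is checked to be for the same serial the client asked about, so a server cannot staple a good response for some other certificate.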
4. Where You See OCSP and CRL Information
When you inspect a peer certificate (for example with openssl s_client, or in a browser's certificate viewer), you'll often see these sections:
X509v3 extensions:
    Authority Information Access:
        OCSP - URI:http://ocsp.digicert.com
        CA Issuers - URI:http://cacerts.digicert.com/RootCA.crt
    X509v3 CRL Distribution Points:
        Full Name:
          URI:http://crl3.digicert.com/RootCA.crl
That means:
OCSP URL → Used for live certificate status checks.
CRL URL → Used for bulk revocation list download.
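As an added example (not the post's own code), here is a small Python parser for the text layout shown above, as printed by openssl x509 -text: it walks the Authority Information Access and CRL Distribution Points sections and pulls out the OCSP, CA Issuers and CRL URLs. The sample text is constructed here using the placeholder exampleca.com hostnames from earlier in the post.

```python
import re

# Constructed sample in the layout of `openssl x509 -noout -text` output.
SAMPLE_TEXT = """\
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            Authority Information Access:
                OCSP - URI:http://ocsp.exampleca.com
                CA Issuers - URI:http://www.exampleca.com/exampleca.crt
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.exampleca.com/exampleca.crl
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""


def extract_revocation_urls(text: str) -> dict:
    """Return {'ocsp': [...], 'ca_issuers': [...], 'crl': [...]} from x509 -text output."""
    result = {"ocsp": [], "ca_issuers": [], "crl": []}
    section = None  # which extension block we are currently inside
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Authority Information Access"):
            section = "aia"
            continue
        if stripped.startswith("X509v3 CRL Distribution Points"):
            section = "cdp"
            continue
        if stripped.startswith("X509v3 ") or stripped.endswith("extensions:"):
            section = None  # any other extension header ends the current block
            continue
        if section == "aia":
            m = re.match(r"(OCSP|CA Issuers) - URI:(\S+)", stripped)
            if m:
                key = "ocsp" if m.group(1) == "OCSP" else "ca_issuers"
                result[key].append(m.group(2))
        elif section == "cdp":
            m = re.match(r"URI:(\S+)", stripped)
            if m:
                result["crl"].append(m.group(1))
    return result


def has_revocation_source(text: str) -> bool:
    """True if the certificate advertises at least one way to check revocation."""
    urls = extract_revocation_urls(text)
    return bool(urls["ocsp"] or urls["crl"])


if __name__ == "__main__":
    print(extract_revocation_urls(SAMPLE_TEXT))
    print("revocation checkable:", has_revocation_source(SAMPLE_TEXT))
```

A certificate with neither URL gives a client no way to check revocation at all, which is why has_revocation_source is worth running over certificates you issue or deploy.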
5. Summary Table
| Feature | CRL (Certificate Revocation List) | OCSP (Online Certificate Status Protocol) |
|---|---|---|
| Type | File containing revoked certificates | Real-time query protocol |
| Data Transfer | Entire list | One certificate at a time |
| Location | CRL Distribution Point field | Authority Information Access (AIA) field |
| Response Speed | Slower (large file) | Faster (direct query) |
| Freshness | Periodic (hours/days) | Real-time |
| Privacy | CA doesn’t see user queries | CA can see who requests status |
| Optimized Form | — | OCSP Stapling |
| Used For | Offline/bulk revocation | Online, real-time validation |
6. Why These Matter
When you connect to a secure website, your browser uses the CRL or OCSP information from the certificate to confirm:
The certificate has not been revoked (e.g., if compromised).
The CA that issued it still trusts it.
Without these checks, users could unknowingly connect to compromised or fraudulent servers, leading to MITM or phishing attacks.
✅ In short:
CRL = periodic file listing all revoked certs.
OCSP = online API to check a single cert’s revocation status.
Both pieces of information are embedded in the certificate itself, under the CRL Distribution Points and Authority Information Access fields.
Would you like me to show an example using the openssl command to extract and view OCSP and CRL URLs from a real certificate? It helps to see exactly how this information appears in practice.