Revocation in this case must be based on the cryptographic fingerprint of the certificate, and the mechanism that provides this functionality is a certificate revocation list (CRL).
在此情况下,撤销必须基于该证书的加密指纹,而提供此功能的机制就是证书撤销列表(CRL)。
With a trust store consisting of a single trusted ca and nothing more, the CRL approaches an equivalent per-DN revocation capability in which revocation of the certificate effectively revokes access.
使用除包含单个受信任存储CA之外没有其他任何内容的信任存储区,CRL提供一个等效的每DN撤销功能,撤销证书将有效撤销访问权。
For certificate revocation to work properly, the receiver of the certificate must check to see if it is still valid.
为了让证书撤消起作用,证书的接受者必须检查它是否仍然有效。
应用推荐