Certificate Revocation List (CRL)
Certificate Revocation List (CRL) updated and signed by our Certification Authority (Sci Software Intermediate CA). CRL Distribution Point (CDP): https://scisoftware.pl/CRL/servers_cert.crl
Definition and Purpose
The Certificate Revocation List (CRL) is a critical, digitally signed file generated by our Certification Authority (Sci Software Intermediate CA). It contains the serial numbers of all SSL/TLS certificates that have been revoked before their official expiration date.
The main purpose of the CRL is to maintain the security and integrity of connections. When your system connects to our server, it must check the CRL to ensure that the server certificate has not been revoked due to a security breach, data change, or other event.
Information for Partners and IT Administration
How the CRL Works
- Revocation: If a server certificate is compromised or withdrawn from use, we immediately add its unique serial number to the CRL.
- Distribution: The new, updated CRL file is digitally signed and made available at a specified location.
- Verification: Your client application or operating system, after downloading the server certificate, checks:
  - Whether the server certificate is signed by a trusted CA (Sci Software Intermediate CA).
  - Whether the serial number of the server certificate is on the CRL list.
Identification of the CRL File
- Issuer: Usually the same entity that actively issues certificates, i.e., Sci Software Intermediate CA.
- Serial Number: Contains a list of revoked certificate serial numbers.
- Issue Date: The date when this CRL file was generated.
- Next Update: The date by which the next updated CRL file will be published. The CRL file is only valid until this date.
- CRL Distribution Point (CDP): The URL where your systems will automatically find and download the CRL file (e.g., https://scisoftware.pl/CRL/servers_cert.crl).
Configuration Requirements
- Availability: Ensure that your firewalls allow access to the CRL Distribution Point (CDP). Blocking access will prevent revocation status verification and may result in connection errors.
- Check Frequency: For security reasons, client systems are typically configured to check the CRL at least once before the "Next Update" date.
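The client-side decision described above (issuer match, CRL still within its Issue Date / Next Update window, serial number lookup), as an added example that is not code published by Sci Software. It assumes the CRL's signature has already been verified and its fields extracted; the class and function names, the issuer string format, the dates and the serial numbers are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class CrlInfo:
    """Fields of a CRL (assumed: its signature was already verified)."""
    issuer: str
    issue_date: datetime
    next_update: datetime
    revoked_serials: frozenset


def norm_serial(serial: str) -> int:
    """Compare serials as integers so '00:10:0A' and '100a' match."""
    return int(serial.replace(":", "").replace(" ", ""), 16)


def check_revocation(crl, cert_issuer, cert_serial, now):
    """Return (status, reason); status is 'good', 'revoked' or 'unknown'."""
    if crl.issuer != cert_issuer:
        return "unknown", "CRL was issued by a different CA"
    if now < crl.issue_date:
        return "unknown", "CRL issue date is in the future (check the clock)"
    if now > crl.next_update:
        # A cached CRL past Next Update proves nothing; refetch from the CDP.
        return "unknown", "CRL is past Next Update"
    if norm_serial(cert_serial) in {norm_serial(s) for s in crl.revoked_serials}:
        return "revoked", "serial number is listed in the CRL"
    return "good", "serial number is not listed in a current CRL"


# Constructed sample values, not taken from the real CRL.
UTC = timezone.utc
ISSUER = "CN=Sci Software Intermediate CA"
SAMPLE_CRL = CrlInfo(
    issuer=ISSUER,
    issue_date=datetime(2025, 1, 1, tzinfo=UTC),
    next_update=datetime(2025, 2, 1, tzinfo=UTC),
    revoked_serials=frozenset({"10:00", "10:0A"}),
)

if __name__ == "__main__":
    now = datetime(2025, 1, 15, tzinfo=UTC)
    for serial in ("100a", "1001"):
        print(serial, check_revocation(SAMPLE_CRL, ISSUER, serial, now))
    late = datetime(2025, 2, 2, tzinfo=UTC)
    print("stale", check_revocation(SAMPLE_CRL, ISSUER, "1001", late))
```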
Summary
CRL is a critical, routine security mechanism. It ensures that connections to our servers are established only using current and valid certificates that have not been revoked. Proper configuration of access to the CRL Distribution Point is essential for maintaining the continuity and security of communication with services operated by Sci Software Sławomir Cichy.