CRL Check ​

The CRL Check can be used to check whether a certificate is entered in a certificate revocation list. For this a certificate is needed. The extension cRLDistributionPoints is used to check the stored certificate revocation list whether there is an entry with the serial number of the certificate.

If an entry exists, then the certificate is marked as withdrawn and is therefore no longer valid. Revocation lists are not updated in real time and so it depends on the CA when a revoked certificate ends up on the list. The "Last update" date indicates when the list was last updated.

Important : Certificate revocation lists have been replaced by the new OCSP protocol. Due to backward compatibility with older systems, CAs continue to maintain revocation lists. However, OCSP should be used to check the status of the certificate.