7.5.3 CRL Facts
Certificate revocation - correct answer ✔Certificate revocation is the process
of breaking the bond of a public key pair to a specific individual. Revocation
occurs when the end entity falls out of the scope of trust of the PKI system.
Situations in which a digital certificate would be revoked are:
-The subject (either a person or the computer) identity changes, such as the
changing from a maiden name to a married name.
-An organization sells a division or changes it name.
-The subject of the certificate leaves the company or is no longer trusted for
some reason.
-A compromise, such as a private key is discovered by a hacker or a laptop
with PKI-enabled application is lost or stolen.
Be aware of the following certificate revocation - correct answer ✔-In the
certificate Authority console, when you revoke a certificate, it is moved to the
Revoked Certificate folder.
-You must indicate a reason when you revoke the certificate
-Certificates that have been revoked with Certificate Hold as the reason can
be unrevoked (reinstated). You cannot unrevoke certificate that have been
revoke for any other reason.
-The CA uses certificates in this folder to build the certificate revocation list
(CRL).
-Revoked certificates are published in a list called the Certificate Revocation
List(CRL). The CRL contains a list of all certificates issued by the CA that
have been revoked.
Four areas where the CRL is usually published are - correct answer ✔-ON
the issuing CA (by default in the C:\\Windows\system32\Certsrv\CertEnroll
directory)
-To a file
Certificate revocation - correct answer ✔Certificate revocation is the process
of breaking the bond of a public key pair to a specific individual. Revocation
occurs when the end entity falls out of the scope of trust of the PKI system.
Situations in which a digital certificate would be revoked are:
-The subject (either a person or the computer) identity changes, such as the
changing from a maiden name to a married name.
-An organization sells a division or changes it name.
-The subject of the certificate leaves the company or is no longer trusted for
some reason.
-A compromise, such as a private key is discovered by a hacker or a laptop
with PKI-enabled application is lost or stolen.
Be aware of the following certificate revocation - correct answer ✔-In the
certificate Authority console, when you revoke a certificate, it is moved to the
Revoked Certificate folder.
-You must indicate a reason when you revoke the certificate
-Certificates that have been revoked with Certificate Hold as the reason can
be unrevoked (reinstated). You cannot unrevoke certificate that have been
revoke for any other reason.
-The CA uses certificates in this folder to build the certificate revocation list
(CRL).
-Revoked certificates are published in a list called the Certificate Revocation
List(CRL). The CRL contains a list of all certificates issued by the CA that
have been revoked.
Four areas where the CRL is usually published are - correct answer ✔-ON
the issuing CA (by default in the C:\\Windows\system32\Certsrv\CertEnroll
directory)
-To a file
