Clicking on the View Latest CRL Contents button shows the details of all revoked certificates contained within the latest CRL: 

The total number of revoked certificate entries and other key details about the CRL are shown at the top of the screen.

The following table describes the rest of the displayed items:

Items

Description

|< < > >|

These buttons are for navigating the different pages. Note the number of records shown per page is configurable from within Global Settings (since it impacts all grids within the product).

Clear Search

After a Search the window will only show the filtered records; this button provides a view of the full set of records.

Search

This opens a new window where you can enter the search criteria based on each column of the transaction grid (see below for further details).

ID

This table column identifies a unique number for each record.

Serial Number {hex}

This is the revoked certificate’s serial number in hexadecimal format.

Revoked at

This is the date and time when the certificate was revoked by the CA.

Invalidity Date

This is the date and time when the certificate actually became invalid (if present it will be equal to or earlier than the revoked at time).

Revocation Reason

This is the reason why the certificate was revoked as identified by the CA (may be empty).

Hold Instruction Code

This will contain any instruction codes in case the certificate is on hold (i.e. suspended). It will identify how the certificate should be treated whilst it is in this state. For further details on CRL hold instruction codes see PKIX RFC 5280.

CRL Number {hex}

This shows the current CRL number for the CA (in decimal format). In case the CRL did not contain the CRL number extension (e.g. X.509 v1 CRL) then this column will show the system-assigned number for the CRL.

In the case of a partition CRL, multiple CRLs are zipped together in the form of a zip file. Hence, in this case, the CRL number that is being displayed on the console is the latest CRL number stored in the Partition CRL zip file.


The records in the latest CRL for a particular CA can be sorted in either Ascending or Descending order by selecting a table column from the drop down list.

The contents of a CRL can be searched by clicking the Search button. This will show the following options for searching for a particular certificate in the target CRL:

As shown above a search for revoked certificates inside a large CRL can be made by:

  • Identifying the certificate serial number.
  • Identifying the certificate CRL number.
  • Revoked at date range (i.e. all certificates revoked within a particular date range)
  • Invalidity date range (i.e. all certificates that became invalid within a particular date range).
  • Revocation Reason (i.e. all certificate revoked for a particular reason).

See also

Searching for CRLs