View CRL Latest Contents
Clicking on the View Latest CRL Contents button shows the details of all revoked certificates contained within the latest CRL:
The total number of revoked certificate entries and other details about the CRL are shown under the header in the image. The following table describes the rest of the displayed items:
| Items | Description |
|---|---|
| \|< < > >\| | These buttons are for navigating the different pages. Note the number of records shown per page is configured within the ADSS Global Settings. |
| Clear Search | After a Search the window will only show the filtered records; this button provides a view of the full set of records. |
| Search | This opens a new window where you can enter the search criteria based on each column of the transaction grid (see below for further details). |
| ID | This table column identifies a unique number for each record. |
| Serial Number {hex} | This is the revoked certificate’s serial number in hexadecimal format. |
| Revoked at | This is the date and time when the certificate was revoked by the CA. |
| Invalidity Date | This is the date and time when the certificate actually became invalid (if present it will be equal to or earlier than the revoked at time). |
| Revocation Reason | This is the reason why the certificate was revoked as identified by the CA (may be empty). |
| Hold Instruction Code | This will contain any instruction codes in case the certificate is on hold (i.e. suspended). It will identify how the certificate should be treated whilst it is in this state. For further details on CRL hold instruction codes see PKIX RFC 5280. |
| CRL Number {hex} | This table column shows the CRL number (taken from the extension within the CRL or a system defined value in case the extension was not present). In the case of a partition CRL, multiple CRLs are zipped together in the form of a zip file. Hence, in this case, the CRL number that is being displayed on the console is the latest CRL number stored in the Partition CRL zip file. |
The records in the latest CRL for a particular CA can be sorted in either Ascending or Descending order by selecting a table column from the drop down list.
The contents of a CRL can be searched by clicking the Search button. This will show the following options for searching for a particular certificate in the target CRL:
As shown above a search for revoked certificates inside a large CRL can be made by:
- Identifying the certificate serial number.
- Identifying the certificate CRL number.
- Revoked at date range (i.e. all certificates revoked within a particular date range).
- Invalidity date range (i.e. all certificates that became invalid within a particular date range).
- Revocation Reason (i.e. all certificates revoked for a particular reason).
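
To cross-check what the console displays against the CRL itself, the following added example (not part of the ADSS Server documentation or product code) uses the Python `cryptography` package to build a small constructed CRL and extract the fields behind the Serial Number, Revoked at, Invalidity Date, Revocation Reason and CRL Number columns. The issuer name, serial numbers, dates, upper-case hex formatting and function names are assumptions made for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2024, 1, 10, 12, 0, 0)  # constructed sample timestamp (UTC)

def build_sample_crl():
    """Sign a small constructed CRL with a throwaway key (sample data only)."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    compromised = (x509.RevokedCertificateBuilder()
        .serial_number(0x1A2B3C)
        .revocation_date(NOW - dt.timedelta(days=1))
        .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
        .add_extension(x509.InvalidityDate(NOW - dt.timedelta(days=3)), critical=False)
        .build())
    no_reason = (x509.RevokedCertificateBuilder().serial_number(0xFF01)
        .revocation_date(NOW - dt.timedelta(hours=2)).build())
    return (x509.CertificateRevocationListBuilder()
        .issuer_name(issuer)
        .last_update(NOW).next_update(NOW + dt.timedelta(days=7))
        .add_extension(x509.CRLNumber(0x2F), critical=False)
        .add_revoked_certificate(compromised)
        .add_revoked_certificate(no_reason)
        .sign(key, hashes.SHA256()))

def _ext(holder, ext_class):
    """Return the extension value, or None when the CRL or entry lacks it."""
    try:
        return holder.extensions.get_extension_for_class(ext_class).value
    except x509.ExtensionNotFound:
        return None

def crl_rows(crl):
    """One dict per revoked entry, keyed like the columns described above."""
    number = _ext(crl, x509.CRLNumber)  # CRL-level extension, same for every row
    rows = []
    for entry in crl:
        reason, inval = _ext(entry, x509.CRLReason), _ext(entry, x509.InvalidityDate)
        rows.append({
            "serial_hex": format(entry.serial_number, "X"),  # hex case is an assumption
            "revoked_at": entry.revocation_date,  # naive UTC datetime
            "invalidity_date": inval.invalidity_date if inval else None,
            "reason": reason.reason.value if reason else "",  # may be empty
            "crl_number_hex": format(number.crl_number, "X") if number else None,
        })
    return rows
```

For a real CRL, load the file with `x509.load_der_x509_crl` or `x509.load_pem_x509_crl` and pass the result to `crl_rows`.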