Validation of certificates

When a certification authority wants to revoke a certificate prior to the expiry of the indicated validity period, it records the serial number of the certificate on a validation server in a Certificate Revocation List (CRL).

Validation servers can be used in two ways:

  • On the one hand, the complete CRL can be downloaded in a standardized data format at regular intervals (e.g. once a week). With this procedure, a revocation may go unnoticed for days.

  • On the other hand, during validation the serial number of a certificate can be sent to the server, which responds whether the certificate is still valid: Online Certificate Status Protocol (OCSP).

The addresses for CRL download are included as additional details in the issued certificates, and the OCSP address is included in the certificate of the certification authority. This allows fully automatic use of the validation mechanisms. CRLs can also be used semi-automatically or manually.
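The CRL lookup described above, as an added example that is not part of the original page or of the WWUCA's own tooling: it checks a serial number against a downloaded CRL, verifies that the list was signed by the issuing CA, and reports when a cached list is past its nextUpdate time. It assumes the third-party Python package `cryptography`; the CA name "Example Demo CA" and the serial numbers are constructed test data.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc

def check_against_crl(crl_der, ca_cert, serial, now):
    """Return 'revoked', 'not-listed' or 'crl-stale' for one certificate serial number."""
    crl = x509.load_der_x509_crl(crl_der)
    # Accept the list only if it is signed by the CA that issued the certificate.
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL was not issued by the expected CA")
    if crl.get_revoked_certificate_by_serial_number(serial) is not None:
        return "revoked"
    # nextUpdate: older cryptography releases only expose the naive-UTC attribute.
    nxt = crl.next_update_utc if hasattr(crl, "next_update_utc") else crl.next_update
    if nxt is not None and nxt.tzinfo is None:
        nxt = nxt.replace(tzinfo=UTC)
    # A cached CRL past nextUpdate cannot vouch for a serial it does not list.
    if nxt is not None and now > nxt:
        return "crl-stale"
    return "not-listed"

def build_demo(now):
    """Constructed test data: a throwaway CA and a weekly CRL revoking serial 0x1001."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Demo CA")])
    ca = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
          .public_key(key.public_key()).serial_number(1)
          .not_valid_before(now - dt.timedelta(days=1))
          .not_valid_after(now + dt.timedelta(days=365))
          .sign(key, hashes.SHA256()))
    revoked = (x509.RevokedCertificateBuilder().serial_number(0x1001)
               .revocation_date(now - dt.timedelta(hours=1)).build())
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name)
           .last_update(now - dt.timedelta(hours=1))
           .next_update(now + dt.timedelta(days=7))
           .add_revoked_certificate(revoked).sign(key, hashes.SHA256()))
    return ca, crl.public_bytes(serialization.Encoding.DER)

if __name__ == "__main__":
    NOW = dt.datetime(2024, 1, 1, tzinfo=UTC)
    ca, crl_der = build_demo(NOW)
    for serial, when in [(0x1001, NOW), (0x1002, NOW), (0x1002, NOW + dt.timedelta(days=8))]:
        print(hex(serial), when.date(), check_against_crl(crl_der, ca, serial, when))
```

A "crl-stale" result is the case the first bullet warns about: the cached list no longer covers the present, so a fresh download or an OCSP query is needed before relying on the certificate.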

To ensure they stay up to date, the links in the table below point directly to the validation servers of the certification authorities involved in the operation of the WWUCA.

When you import a CRL this way, your WWW program will probably reload the newest version of the CRL from the same address at regular intervals.

When you click Import, the certificate is downloaded in binary format for automatic import into your WWW program. When you click Text, the certificate is downloaded in PEM format for saving.

 

| | X.509 WWUCA | X.509 DFN-PCA | X.509 root CA |
|---|---|---|---|
| 2027 / 2016 | Import (.crl), Text (.txt), Text (.pem) | Import (.crl), Text (.txt), Text (.pem) | T-TeleSec GlobalRoot Class 2: Import (.crl) |
| 2016 / 2007 | Import (.crl), Text (.txt), Text (.pem) | Import (.crl), Text (.txt), Text (.pem) | Deutsche Telekom Root CA 2: Import (.crl) |