Certificate revocation list
A certificate revocation list is a time-stamped list of certificates that have been revoked by a certificate authority (CA).
A certificate found in a certificate revocation list (CRL) might not be expired, but is no longer trusted by the certificate authority that issued the certificate. The certificate authority creates the CRL containing the serial number and issuing CA distinguished name of the certificate that has been revoked. The CA might add the certificate to the certificate revocation list if it believes that the client certificate is compromised. The certificate revocation list is maintained and issued by the certificate authority.
Related concepts
Collection certificate store