<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>XCA : Certificate Revocation Lists</TITLE>
 <LINK HREF="xca-13.html" REL=next>
 <LINK HREF="xca-11.html" REL=previous>
 <LINK HREF="xca.html#toc12" REL=contents>
</HEAD>
<BODY>
<A HREF="xca-13.html">Next</A>
<A HREF="xca-11.html">Previous</A>
<A HREF="xca.html#toc12">Contents</A>
<HR>
<H2><A NAME="s12">12.</A> <A HREF="xca.html#toc12">Certificate Revocation Lists</A></H2>

<P>All certificates are issued for a restricted timeperiod of validity.
However it can happen that a certificate shoud not be used / becomes invalid
before the "not after" time in the certificate is reached. In this case
the issuing CA should revoke this certificate by putting it on the list of
revoked certificates, signing and publishing it.</P>

<H2><A NAME="ss12.1">12.1</A> <A HREF="xca.html#toc12.1">Generation of Certificate revocation lists</A>
</H2>

<P>In XCA this can be done by the context-menu of the CA and the
"revoke" entry in the context-menu of the issued certificate.
First all invalid certificates are marked as revoked and
then a Certificate Revocation List should be created and will be stored in the
database.</P>


<HR>
<A HREF="xca-13.html">Next</A>
<A HREF="xca-11.html">Previous</A>
<A HREF="xca.html#toc12">Contents</A>
</BODY>
</HTML>