Apr 10, 2015

mod_ssl - Apache HTTP Server Version 2.5 Prior to version 2.3.15, CRL checking in mod_ssl also succeeded when no CRL(s) were found in any of the locations configured with SSLProxyCARevocationFile or SSLProxyCARevocationPath. With the introduction of this directive, the behavior has been changed: when checking is enabled, CRLs must be present for the validation to succeed - otherwise How to generate a certificate revocation list (CRL) and Apr 10, 2015

Download Roots/CRL - US - Digicert + QuoVadis US

Sectigo removes CRL support in newly issued certificates Apr 04, 2019

Prior to version 2.3.15, CRL checking in mod_ssl also succeeded when no CRL(s) were found in any of the locations configured with SSLProxyCARevocationFile or SSLProxyCARevocationPath. With the introduction of this directive, the behavior has been changed: when checking is enabled, CRLs must be present for the validation to succeed - otherwise

A CRL is simply a list of all the certificates the CA has ever revoked before their scheduled expiration. These are periodically updated by the CAs, and browsers were required to review them before each HTTPS connection. Over time, the CRLs grew in size, as did the task of each browser reviewing them. Certificate revocation lists — OpenSSL Certificate A certificate revocation list (CRL) provides a list of certificates that have been revoked. A client application, such as a web browser, can use a CRL to check a server’s authenticity. A server application, such as Apache or OpenVPN, can use a CRL to deny access to clients that are no longer trusted. Certificate Revocation List (CRL) Jun 30, 2020 Certificate Revocation List (CRL): Explained