Overview#A Certificate Authority can revoke any certificate it has issued. A certificate needs to be revoked if one or more of the following situations occur:
- The owner of the Certificate has changed status and no longer has the right to use the Certificate.
- The Private Key of a Certificate owner has been compromised.
- The Certificate owner doesn't want the certificate to be used anymore.
- The Private Key of the Certificate Authority that issued the certificate has been compromised.
Whenever a certificate is revoked, the Certificate Authority updates the status of the certificate in its internal database. This way, the server keeps track of all revoked certificates in its internal database and it makes the revoked list of certificates public (by publishing it to a central repository) to notify other users that the certificates in the list are no longer valid. Typically, the Certificate Authority will a method to allow possible users of the Certificate to know the status of the Certificate through one or more of the following methods: