Abstract
Like credit cards, digital certificates have a limited validity period. Most credit cards have only an expiration date (end of validity period), while digital certificates also have a start of validity period. The CA determines the start and end of the validity period when it issues a digital certificate, and those dates are included in the X.509 structure. They are covered by the certificate's digital signature, so they cannot be changed without detection. An expired digital certificate should normally not be used, except in certain specific situations (such as reading an old encrypted email). It is up to every relying application to check the validity dates against a trusted time source every time a certificate is used. As with credit cards, sometimes you need to “expire” a certificate before the official expiration date. This is accomplished via “certificate revocation checking”. Any expired or revoked certificate can normally be renewed with a later validity period.
Copyright information
© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature
About this chapter
Cite this chapter
Hughes, L.E. (2022). Certificate Revocation and Renewal. In: Pro Active Directory Certificate Services. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-7486-6_7
DOI: https://doi.org/10.1007/978-1-4842-7486-6_7
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-7488-0
Online ISBN: 978-1-4842-7486-6
eBook Packages: Professional and Applied Computing, Apress Access Books, Professional and Applied Computing (R0)