This white paper is intended to help organizational system architects and administrators understand how certificate chaining and revocation work in Windows 2000 and Windows XP, so that administrators can troubleshoot problems related to certificate chaining and revocation.
For an introduction to PKI and Certificate Services, please refer to
The following terms are used in this white paper: Authority Information Access (AIA).
This white paper details the basics of certificate status, chain building, and how they work in Windows operating systems to assist administrators in troubleshooting a PKI implementation.
However, various circumstances may cause a certificate to become invalid prior to the expiration of the validity period. Such circumstances include change of name, change of association between subject and CA (for example, when an employee terminates employment with an organization), and compromise or suspected compromise of the corresponding private key. Under such circumstances, the CA needs to revoke the certificate.
The listing includes the serial number of the certificate, the date that the certificate was revoked, and the revocation reason. Applications can perform CRL checking to determine a presented certificate's revocation status.
A protocol that allows real-time validation of a certificate's status by having the Crypto API make a call to an OCSP responder and the OCSP responder providing an immediate validation of the revocation status for the presented certificate.