ABSTRACT

In a public key infrastructure (PKI), digital certificates, signed by certification authorities (CAs), are the means of distributing public keys accurately and reliably to users who need to encrypt messages or verify digital signatures. A certificate has a fixed lifetime, typically one year. However, a CA may need to revoke a certificate before it expires if the user's private key is compromised or the CA is no longer willing to support the certification (for example, because the holder of the private key has terminated employment with the enterprise). The PKI therefore needs to give applications that use certificates the ability to check, at the time of use, that a certificate is still valid.