11.2.5.1. Certificate Revocation List - CRLs

A Certificate Revocation List (CRL) is a list containing the serial numbers and distinguished names of certificates that can no longer be trusted and have therefore been revoked. If a certificate loses its validity for any reason (for example, it becomes compromised because its private key is stolen), the issuing Certificate Authority (CA) revokes it. The revocation is published in a CRL on the website of the CA. Expired or compromised certificates must not be used, not even internally.

CRLs can usually be obtained through HTTP: certificate authorities update and publish them on their website on a regular basis.
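
The following is an added example, not part of the original documentation. It shows how a downloaded CRL can be checked before it is relied on: verify the CA signature, reject a list that is past its nextUpdate time, then look up a certificate serial number. It assumes the Python `cryptography` package; the CA name, the serial numbers and the helper function names are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

REVOKED_SERIAL, GOOD_SERIAL = 0x1001, 0x1002  # constructed sample serials

def build_sample_crl(now):
    """Constructed test data: throwaway CA key plus a CRL revoking REVOKED_SERIAL."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    entry = (x509.RevokedCertificateBuilder()
             .serial_number(REVOKED_SERIAL)
             .revocation_date(now - dt.timedelta(days=1))
             .build())
    crl = (x509.CertificateRevocationListBuilder()
           .issuer_name(issuer)
           .last_update(now - dt.timedelta(hours=1))
           .next_update(now + dt.timedelta(days=7))
           .add_revoked_certificate(entry)
           .sign(ca_key, hashes.SHA256()))
    return ca_key.public_key(), crl.public_bytes(serialization.Encoding.PEM)

def crl_next_update(crl):
    """nextUpdate as an aware UTC datetime, across library versions."""
    aware = getattr(crl, "next_update_utc", None)
    return aware or crl.next_update.replace(tzinfo=dt.timezone.utc)

def check_serial(crl_pem, ca_public_key, serial, now):
    """Return 'revoked' or 'good'; raise ValueError if the CRL cannot be relied on."""
    crl = x509.load_pem_x509_crl(crl_pem)
    # The CRL is only as trustworthy as the CA signature on it.
    if not crl.is_signature_valid(ca_public_key):
        raise ValueError("CRL signature does not verify against the issuing CA")
    # A stale CRL can miss recent revocations, so fail closed.
    if crl_next_update(crl) < now:
        raise ValueError("CRL is past its nextUpdate time")
    hit = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if hit is not None else "good"

if __name__ == "__main__":
    now = dt.datetime.now(dt.timezone.utc)
    ca_pub, crl_pem = build_sample_crl(now)
    for serial in (REVOKED_SERIAL, GOOD_SERIAL):
        print(hex(serial), check_serial(crl_pem, ca_pub, serial, now))
```

In a real deployment the CRL bytes come from the CA's published URL and the public key comes from the CA certificate already trusted locally.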