When a user visits an online store website that uses HTTPS, the user browser queries the CA for a CRL. What is the purpose of this query?
- to check the length of key used for the digital certificate
- to negotiate the best encryption to use
- to request the CA self-signed digital certificate
- to verify the validity of the digital certificate
Answers Explanation & Hints:
A digital certificate must be revoked if it is invalid. CAs maintain a certificate revocation list (CRL), a list of revoked certificate serial numbers that have been invalidated. The user browser will query the CRL to verify the validity of a certificate.