The PKI in Windows 2003 and Win2K Server supports complete certificate revocation lists (CRLs) and CRL Distribution Points (CDPs).
In addition, Windows 2003 Certificate Services supports delta CRLs.
By gaining an in-depth understanding of how certificate validation works, you'll be better prepared to recognize and solve certificate-validation problems when they occur.
The validation process performs the following checks on a certificate: digital signature, trust, time, revocation, and formatting.
A certificate is invalid if it doesn't pass one or more of these checks.
During the digital signature check, the validation software uses a trustworthy public key to validate the digital signature that the certificate issuer (i.e., the Certificate Authority--CA) has applied to the certificate content.
SSL compares the certificate subject's RFC 822 name with the name contained in the URL of the secure Web site that the client is accessing.
You don't want to rely on certificates based on obsolete technology.
The revocation check determines whether the issuing CA has revoked the certificate.
In the case of S/MIME, this check protects against impersonation or man-in-the-middle attacks.
In such attacks, a malicious entity reuses a user's identity to gain access to a system or network.
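The following PowerShell script is an added example, not code from the original article. It builds a certificate chain with online CRL retrieval through the .NET `X509Chain` class and sorts each reported status flag into one of the five checks listed above. The `$Path` parameter and the grouping of flags under "formatting" and the other check names are assumptions made for illustration.

```powershell
# Added example (not from the article). $Path is a hypothetical .cer/.crt file.
param([Parameter(Mandatory)] [string] $Path)

$cert  = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain

# Fetch CRLs from each certificate's CDP and check every certificate in the chain.
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'EntireChain'
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

# Assumed mapping from X509ChainStatusFlags names to the article's five checks.
$checkOf = @{
    NotSignatureValid                = 'digital signature'
    HasWeakSignature                 = 'digital signature'
    UntrustedRoot                    = 'trust'
    PartialChain                     = 'trust'
    ExplicitDistrust                 = 'trust'
    NotTimeValid                     = 'time'
    NotTimeNested                    = 'time'
    Revoked                          = 'revocation'
    RevocationStatusUnknown          = 'revocation'   # no usable CRL: treat as a failure
    OfflineRevocation                = 'revocation'   # CDP unreachable: treat as a failure
    InvalidExtension                 = 'formatting'
    InvalidBasicConstraints          = 'formatting'
    InvalidNameConstraints           = 'formatting'
    InvalidPolicyConstraints         = 'formatting'
    HasNotSupportedCriticalExtension = 'formatting'
}

$trusted = $chain.Build($cert)

# One finding per status flag per chain element (end entity first, root last).
$findings = foreach ($element in $chain.ChainElements) {
    foreach ($status in $element.ChainElementStatus) {
        $flag = $status.Status.ToString()
        [pscustomobject]@{
            Subject = $element.Certificate.Subject
            Check   = if ($checkOf.ContainsKey($flag)) { $checkOf[$flag] } else { 'other' }
            Flag    = $flag
            Detail  = "$($status.StatusInformation)".Trim()
        }
    }
}

$findings
if ($trusted -and -not $findings) { 'Chain passed all checks.' }
else { 'Chain failed validation; see the findings above.' }
```

`Build()` does not perform the name comparison that SSL and S/MIME applications apply to the subject name; that check remains the calling application's responsibility.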