A certificate revocation list is a time-stamped list of certificates that have been revoked by a certificate authority (CA).
A certificate that is found in a certificate revocation list (CRL) might
not be expired, but is no longer trusted by the certificate authority that
issued the certificate. The certificate authority creates the CRL that contains
the serial number and issuing CA distinguished name of the certificate that
has been revoked. The CA might add the certificate to the certificate revocation
list if it believes that the client certificate is compromised. The certificate
revocation list is maintained and issued by the certificate authority.