A list, maintained by a certificate authority (CA), of digital certificates that have been issued and then later revoked. A certificate revocation list (CRL) is similar to lists of revoked credit card numbers that credit card companies used to give to vendors. The certificate authority makes the CRL publicly available so that users can determine the validity of any digital certificate presented to them.
Creating and maintaining a CRL is an essential ingredient in running a public key infrastructure (PKI) to support public key cryptography systems. Microsoft Certificate Server includes a Web-based utility called the Certificate Administration Log Utility that can be used to revoke certificates and maintain a CRL.