Certificate revocation list

A certificate revocation list (CRL) is a list of subscribers paired with their certificate status, with each end user's certificate listed as valid, revoked, or expired. A properly configured list indicates the reason a certificate was revoked and the dates for which each certificate is valid. CRLs are an important part of a public key infrastructure (PKI), as they allow that infrastructure to state more precisely which digital certificates are valid and which are invalid.

Within a public key infrastructure, part of the authentication process involves the exchange of digital certificates. In addition, end users must have a way to verify that another user's digital certificate is currently authorized. This is where certificate revocation lists come into play. An end user's digital certificate could have been valid at some point, but in some cases an organization may need to revoke it so that the rest of the organization knows its holder is no longer an authorized user.
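
The check described above, as an added example that is not part of the original page: a relying party accepts a CRL only if the CA signed it and it is still current, then looks up the certificate's serial number and revocation reason. It uses Go's standard `crypto/x509` package (Go 1.21 or later), where a serial that does not appear on the list is reported as not revoked. The CA, the serial 4097, the reason code and the dates are constructed sample values, and `must`, `fixture` and `checkSerial` are hypothetical helper names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // fixture setup only: abort on any error
	if err != nil {
		panic(err)
	}
	return v
}

// fixture builds a constructed CA and a CRL, signed by that CA, holding the given entries.
func fixture(now time.Time, revoked []x509.RevocationListEntry) (*x509.Certificate, *x509.RevocationList) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCRLSign, NotBefore: now, NotAfter: now.AddDate(1, 0, 0)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	list := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.AddDate(0, 0, 7), RevokedCertificateEntries: revoked}
	return ca, must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, list, ca, key))))
}

// checkSerial trusts the CRL only if ca signed it and it is current at `at`, then looks up serial.
func checkSerial(crl *x509.RevocationList, ca *x509.Certificate, serial *big.Int, at time.Time) (bool, int, error) {
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, 0, fmt.Errorf("CRL signature: %w", err)
	}
	if at.Before(crl.ThisUpdate) || at.After(crl.NextUpdate) {
		return false, 0, fmt.Errorf("CRL not current at %s", at.Format(time.RFC3339))
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(serial) == 0 {
			return true, e.ReasonCode, nil // ReasonCode 1 is keyCompromise
		}
	}
	return false, 0, nil
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample date
	ca, crl := fixture(now, []x509.RevocationListEntry{{SerialNumber: big.NewInt(4097), RevocationTime: now, ReasonCode: 1}})
	fmt.Println(checkSerial(crl, ca, big.NewInt(4097), now))
}
```

A stale list or one signed by a different key returns an error rather than "not revoked", so the caller can fail closed.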

