CRL
also: Certificate Revocation List
A Certificate Revocation List (CRL) is a digitally signed list of digital certificates that have been revoked before their expiration date and should no longer be trusted.
A CRL is published by a Certificate Authority (CA) and contains the serial numbers of certificates that have been invalidated, typically due to compromise, key loss, or organizational changes. Systems checking certificate validity can download and consult the CRL to verify that a certificate hasn't been revoked.
For example, if a web server's private key is compromised, the CA issues a CRL entry revoking that certificate. When a client connects to a site and receives the certificate, it can check the CRL to confirm the certificate hasn't been listed as revoked.
CRLs are commonly used in PKI (Public Key Infrastructure) systems and are often supplemented or replaced by OCSP (Online Certificate Status Protocol) for real-time revocation checking, as CRLs can become large and require periodic downloads.