|Subject||Computer and Network Security|
|NU Year||Set: 5.(c) Marks: 2+4+2 Year: 2014|
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
Digital certificates are revoked for many reasons. If a CA discovers that it has improperly issued a certificate, for example, it may revoke the original certificate and reissue a new one. Or if a certificate is discovered to be counterfeit, the CA will revoke it and add it to the CRL. The most common reason for revocation occurs when a certificate's private key has been compromised. Other reasons for revoking a certificate include the compromise of the issuing CA, the owner of the certificate no longer owning the domain for which it was issued, the owner of the certificate ceasing operations entirely or the original certificate being replaced with a different certificate from a different issuer.