Monday, September 23, 2013 - 11:59
If the private key of a SSL server certificate is lost or stolen the certificate must be revoked immediately. More commonly, all SSL certificates which are still valid but are no longer used or required must also be revoked by the Certificate Holder.
Every Certificate Authority manages their own certificate revocation lists (CRL) which are published showing the SSL certificates that should no longer be trusted. This enables web browsers in turn to warn users that a certificates used to secure a particular web service cannot be trusted and therefore the user should not proceed.