Selecting certificates based on revocation status

88 views

Skip to first unread message

Adriano Santoni

unread,

Sep 4, 2024, 8:05:42 AM9/4/24

to crt.sh

Sorry if I am asking an old question, but I cannot find an answer in past emails.

What's the right way -in SQL - to select certificates that are (or are Not) revoked, regardless of other selection criteria?

TIA

Adriano

r...@sectigo.com

unread,

Sep 16, 2024, 3:21:14 PM9/16/24

to crt.sh

Hi Adriano. There are multiple revocation methods available. If "Revoked by CRL" is good enough for your needs, then...

crt.sh's crl_monitor application checks every known CRL every 4 hours, and stores the CRL entries in the "crl_revoked" table, which has CA_ID and SERIAL_NUMBER columns.

You can join "crl_revoked.CA_ID" to "certificate.ISSUER_CA_ID", and you can join "crl_revoked.SERIAL_NUMBER" to "x509_serialNumber(certificate.CERTIFICATE)".

Reply all

Reply to author

Forward

0 new messages