Error of validating certificate
The CA then responds with an answer of “good,” “revoked,” or “unknown.” A response of “unknown” could indicate the certificate is a forgery.
OCSP can be more efficient, especially if the CRL includes a large number of revoked certificates.
Before clients use a certificate, they first verify it is valid.
It includes the same elements readers raved about in the previous three versions.The certificate revocation list (CRL) includes a list of revoked certificates and is publicly available.