Validation of certificates

When a certification authority wants to revoke a certificate prior to the expiry of the indicated validity period, it records the serial number of the certificate on a validation server in a Certificate Revocation List.

Validation servers can be used in three ways:

• On one hand the complete Certificate Revocation List (CRL) in standardized data format can be downloaded in regular intervals (e. g. once a week). When using this procedure possibly one only becomes aware of a revocation after days.

• On the other hand one can send the serial number of a certificate during validation to the server that responds whether the certificate is still valid: Online Certificate Status Protocol (OCSP).

• Even better the servers includes into his response the current corresponding OCSP response signed and timestamped by the certification authority: OCSP Stapling.

Addresses for CRL download are included as additional details in the issued certificates and the OCSP address in the certificate of the certification authority. This allows for fully automatic use of the validation mechanisms. CRLs can also be used semiautomatically or manually.

To keep up-to-date, the links in the table below point directly to the validation servers of the certification authorities involved in the operation of the CA.

When you import a CRL this way, your WWW program probably starts to reload the newest version of the CRL from the same address in regular intervals.

When clicking on Import the certificate is downloaded in binary format for automatically importing into your WWW program. When clicking on Text the certificate is downloaded in PEM format for saving.

PDF certificates

	PDF CA (root CA)
Now ↑ 2022	Import (.crl)

„TCS“ certificates

	intermediate CA	root CA	alternative root CA
Now ↑ 2025	User RSA certificates: GEANT S/MIME RSA 1 Import (.crl) HARICA S/MIME RSA Import (.crl)	HARICA Client RSA Root CA 2021 Import (.crl)
	Server RSA certificates: GEANT TLS RSA 1 Import (.crl) HARICA OV TLS RSA Import (.crl)	HARICA TLS RSA Root CA 2021 Import (.crl)	Hellenic Academic and Research Institutions RootCA 2015 Import (.crl)
	User ECC certificates: GEANT S/MIME ECC 1 Import (.crl) HARICA S/MIME ECC Import (.crl)	HARICA Client ECC Root CA 2021 Import (.crl)
	Server ECC certificates: GEANT TLS ECC 1 Import (.crl) HARICA OV TLS ECC Import (.crl)	HARICA TLS ECC Root CA 2021 Import (.crl)	Hellenic Academic and Research Institutions ECC RootCA 2015 Import (.crl)
	intermediate CA	root CA	alternative root CA
2025 ↑ 2021	User RSA certificates: GEANT Personal CA 4 Import (.crl)	USERTrust RSA Certification Authority Import (.crl)	AAA Certificate Services Import (.crl)
	User eScience RSA certificates: GEANT eScience Personal CA 4 Import (.crl)
	Code Signing RSA certificates: GEANT Code Signing CA 4 Import (.crl)
	Server RSA certificates: GEANT OV RSA CA 4 Import (.crl)
	Server eScience RSA certificates: GEANT eScience SSL CA 4 Import (.crl)
	Server RSA certificates via ACME: Sectigo RSA Organization Validation Secure Server CA Import (.crl)
	User ECC certificates: GEANT Personal ECC CA 4 Import (.crl)	USERTrust ECC Certification Authority Import (.crl)
	User eScience ECC certificates: GEANT eScience Personal ECC CA 4 Import (.crl)
	Server ECC certificates: GEANT OV ECC CA 4 Import (.crl)
	Server eScience ECC certificates: GEANT eScience SSL ECC CA 4 Import (.crl)
	Server ECC certificates via ACME: Sectigo ECC Organization Validation Secure Server CA Import (.crl)

„Global“ certificates

	CA Uni MS	DFN-PCA	root CA
2022 ↑ 2016	Import (.crl) Text (.txt) Text (.pem)	Import (.crl) Text (.txt) Text (.pem)	T-TeleSec GlobalRoot Class 2 Import (.crl)