Since 2019, our SSL certificates have been issued without a CRL extension. Instead, OCSP (=Online Certificate Status Protocol) is used to check the status of a certificate. You can find out exactly what CRL and OCSP are and how you can still obtain a certificate with a CRL extension below.
CRL (=Certificate Revocation List) is a list of SSL/TLS certificate serial numbers that have been revoked or suspended before they expire and should no longer be considered trustworthy by browsers. There can be various reasons why a certificate should no longer be classified as trustworthy:
When a browser sends a request to a secure website, the responsible certification authority receives the request and sends a response back to the browser with a list of all revoked certificates. The browser then uses the serial number to check whether the certificate for the requested website is listed in the CRL. The CRL extension in an SSL certificate tells the browser which certification authority is responsible for the request.
The problem is that CRLs are very error-prone, as these lists have to be updated regularly. This means a high maintenance effort for the certification authorities and opens a time window in which a revoked SSL/TLS certificate is still displayed as trustworthy. CRLs are also inefficient, as checking them can be very slow depending on the length of the list. CRL has now been replaced by OCSP.
Like CRL, OCSP is used to check the trustworthiness of an SSL/TLS certificate. The original OCSP had considerable problems, which is why the new "OCSP Stapling" approach has become established and is used by certification authorities and browsers to check SSL/TLS certificates.
To check the certificates, the certification authorities provide special servers, so-called OCSP responders, which wait for OCSP requests. However, instead of a request being sent to the responder for every certificate check, "OCSP Stapling" enables the web server to contact the OCSP responder directly at regular intervals and cache its response. Depending on the OCSP response, either the website is then displayed in the browser or an error message appears stating that the website's certificate is invalid. An OCSP responder issues the following responses:
The great advantage of OCSP stapling is that an SSL/TLS certificate can be checked in real time, which significantly reduces the loading time of a website. Furthermore, no user browser information is sent to the certification authority, as the verification is carried out by the web server.
OCSP stapling is supported by all major browsers and certification authorities, but you may still need to use the CRL extension, especially with older software. In this case, the certificate must be subsequently adapted.
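To see which revocation pointers a given certificate actually carries, the following added example (not part of the original article) uses the `openssl` command line (1.1.1 or later) to read the CRL distribution point and OCSP responder URLs. The two throwaway certificates and the `example.test` URLs are constructed for the demonstration; point `revocation_mode` at your own PEM file instead.

```sh
#!/bin/sh
# Added example: report whether a certificate has a CRL extension, an OCSP URL, or both.
set -e

# URLs from the "CRL Distribution Points" extension (empty if the extension is absent).
crl_urls() {
  openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
    sed -n 's/^ *URI://p'
}

# OCSP responder URLs from the "Authority Information Access" extension.
ocsp_urls() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# Summarise how a client could check this certificate for revocation.
revocation_mode() {
  crl=$(crl_urls "$1")
  ocsp=$(ocsp_urls "$1")
  if [ -n "$crl" ] && [ -n "$ocsp" ]; then echo "crl+ocsp"
  elif [ -n "$ocsp" ]; then echo "ocsp-only"
  elif [ -n "$crl" ]; then echo "crl-only"
  else echo "none"
  fi
}

# --- Constructed sample input: two self-signed test certificates ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

make_sample() {  # $1 = output file, remaining args = extra openssl req options
  out=$1; shift
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$tmp/key.pem" -out "$out" "$@" 2>/dev/null
}

# Certificate issued without a CRL extension (OCSP only).
make_sample "$tmp/ocsp_only.pem" \
  -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test"
# Certificate that also carries the CRL extension.
make_sample "$tmp/with_crl.pem" \
  -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test" \
  -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl"

for cert in "$tmp/ocsp_only.pem" "$tmp/with_crl.pem"; do
  echo "$(basename "$cert"): $(revocation_mode "$cert")"
done
```

A result of `ocsp-only` means older software that relies solely on the CRL extension has no list to fetch for that certificate.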
To obtain your certificate with CRL extension, proceed as follows:
Create a new CSR and save the new private key on your hard disk or an external data carrier.
You can use our CSR generator, for example, to create the new CSR.
If you are using IIS, the CSR must be generated on the server. Otherwise the certificate cannot be installed on the server!
Log in to your customer account on our website with your access data.
Click on My purchases and then on Certificates.
Now click on the issued certificate to access the certificate details.
Now click on Change to initiate the reissue and replace the existing CSR with the new CSR. Select the desired validation method and then click on Submit.
Before you proceed with the domain validation, you must contact our support team, as we have to adjust the order internally.
It is important that you contact us before confirming, as it is no longer possible to make adjustments afterwards!
Alternatively, you can also obtain the lists manually. To do this, you can request the information from the following server: