This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.
This lab shows you one method of downloading and viewing a certificate revocation list (CRL).
Requirements: This exercise assumes you are running a Windows system with certutil available. Certutil is available on most Windows systems. The exercise also assumes that you can open a Google Chrome web browser, version 56 or later, and that you know how to view a certificate. You can use the View A Certificate lab to open a certificate.
Download a Certificate Revocation List (CRL)
1. Open the Google Chrome web browser.
2. Type in https://google.com and press Enter (or click the link if Google Chrome is your default web browser). The web browser will create a secure connection with the google.com web site using HTTPS over port 443.
3. Open the Developer Tools. You can do so with one of the following steps:
- Press the F12 key on Windows or Linux.
- Press the CTRL + SHIFT + i keys on Windows or Linux.
- Press the Command (⌘) + Option + i keys on a Mac.
- Open the Chrome Developer Tools by opening the Chrome menu (⋮), directly under the X in the browser, and then selecting More Tools -> Developer Tools.
4. With the Developer Tools open, select the Security tab. If the Security tab isn’t showing, you may need to click on the open icon (») to show more tabs.
5. Click on the View certificate button. It will open the main page for the certificate.
6. Click on the Details tab.
7. With the Details tab selected, scroll down and select CRL Distribution Points.
You’ll see a URL for a CRL. In the figure, the CRL URL is http://pki.google.com/GIAG2.crl.
8. Type the full URL into another browser window. This will download a copy of the CRL file using the method supported by your browser. In Google Chrome, it shows the download at the bottom of the page. If you click on the down arrow, it will display a menu. Click on Show in folder.
Note: In most browsers, you should be able to highlight the CRL URL and press CTRL + C to copy it. You can then paste it into a blank browser page.
9. Copy the CRL file and paste it into a folder that you can easily navigate to from the command line. On my system, I copied it to a folder I created called c:\securityplus.
10. Close the certificate by clicking OK. Close the Developer Tools by clicking the X to the right of the Security tab.
View the CRL in the Certificate
1. Open File Explorer.
2. Navigate to the folder where you copied the CRL certificate file. For example, if you copied it to a folder called c:\securityplus, navigate to that folder.
3. Double-click the CRL certificate file to open it.
4. Select the Revocation List tab. You’ll see something similar to the following graphic.
You can see that this certificate authority revoked three certificates. Each certificate is identified by its serial number. If you did the View A Certificate lab, you had an opportunity to view the serial number in the certificate.
View the CRL with Certutil
1. Open a command prompt. If necessary, you can revisit the labs from Chapter 1 to open a command prompt.
2. Navigate to the folder where you copied the CRL file. For example, if you copied it to a folder called c:\securityplus, you can use the following command:
cd c:\securityplus
3. Use the dir command to identify the name of the CRL file:
dir
On my system, the name of the file is giag2.crl.
4. Enter the following command to view the contents of the CRL. Note that you need to substitute giag2.crl in the example with the name of the CRL file you downloaded.
certutil -dump giag2.crl
On my system, this CRL shows three revoked certificates identified by the following serial numbers:
- Serial Number: 764bedd38afd51f7
- Serial Number: 0b54e3090079ad4b
- Serial Number: 31da3380182af9b2
5. In some CRLs, you may find a large number of revoked certificates, and it can be challenging to find a specific serial number. However, you can export the contents of the CRL to a text file with the following command.
certutil -dump giag2.crl > crl.txt
Note that you need to substitute giag2.crl in the example with the name of the CRL file you downloaded.
6. You can view the text file in Notepad with the following command:
notepad crl.txt
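The whole procedure above (download the CRL from the CRL Distribution Point URL, dump it with certutil, and search the dump for a specific serial number) can be scripted. The following PowerShell is an added example, not part of the original lab: it assumes certutil.exe is on the PATH, that certutil prints revoked entries as "Serial Number: <hex>" lines as shown in the lab, and it uses the lab's CRL URL and c:\securityplus folder as defaults (substitute the CRL Distribution Point from the certificate you are examining).

```powershell
# Added example (not from the original lab). Assumptions: certutil.exe is on the PATH,
# revoked entries appear as "Serial Number: <hex>" lines (English certutil output),
# and the default URL/folder are the ones used in the lab.

function Get-CrlFile {
    param(
        [string]$Url = 'http://pki.google.com/GIAG2.crl',
        [string]$OutFile = 'C:\securityplus\giag2.crl'
    )
    # CRLs are normally served over plain HTTP; the CRL's own signature, not the
    # transport, is what protects its contents from tampering.
    Invoke-WebRequest -Uri $Url -OutFile $OutFile
    return $OutFile
}

function Get-RevokedSerials {
    param([Parameter(Mandatory)][string]$CrlPath)
    if (-not (Test-Path -LiteralPath $CrlPath)) { throw "CRL file not found: $CrlPath" }
    # certutil writes its report to stdout; the call operator captures it as lines.
    $report = & certutil.exe -dump $CrlPath
    if ($LASTEXITCODE -ne 0) { throw "certutil -dump failed (exit code $LASTEXITCODE)" }
    $serials = foreach ($line in $report) {
        if ($line -match '^\s*Serial Number:\s*([0-9A-Fa-f]+)\s*$') { $Matches[1].ToLower() }
    }
    return @($serials)
}

function ConvertTo-NormalizedSerial {
    param([Parameter(Mandatory)][string]$Serial)
    # Certificate viewers show serials as "0b 54 e3 09 ..." or "0b:54:e3:09:...",
    # while certutil prints contiguous hex. Strip separators, lowercase, and drop
    # the leading zero padding so both forms compare equal.
    $hex = ($Serial -replace '[^0-9A-Fa-f]', '').ToLower().TrimStart('0')
    if ($hex -eq '') { $hex = '0' }
    return $hex
}

function Test-SerialRevoked {
    param(
        [Parameter(Mandatory)][string]$CrlPath,
        [Parameter(Mandatory)][string]$SerialNumber
    )
    $wanted = ConvertTo-NormalizedSerial -Serial $SerialNumber
    foreach ($s in (Get-RevokedSerials -CrlPath $CrlPath)) {
        if ((ConvertTo-NormalizedSerial -Serial $s) -eq $wanted) { return $true }
    }
    return $false
}

# Usage: download the lab's CRL, save the revoked serials to a text file, and check
# one of the serial numbers the lab lists (written the way a certificate viewer shows it).
$crl = Get-CrlFile
Get-RevokedSerials -CrlPath $crl | Set-Content -Path 'C:\securityplus\revoked-serials.txt'
Test-SerialRevoked -CrlPath $crl -SerialNumber '0b:54:e3:09:00:79:ad:4b'
```

Two caveats when using this outside the lab: the regular expression keys on the English "Serial Number:" label, so a localized Windows build may print a different label and return no entries; and a CRL is only meaningful while it is current, so check the update dates at the top of the certutil report before relying on a "not revoked" result.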