
SSL CRL Activity - SANS Internet Storm Center



Certificates Revoked per Day


Update: We temporarily stopped reading “http://crl.globalsign.com/gs/gsorganizationvalg2.crl”. It had > 30,000 revocations today, drowning the rest of the data. Trying to figure out if this is real. (4/16/2014 7:30pm)

Update 2: I used the online chat to talk to GlobalSign tech support and they confirmed that it is real and related to the revocations due to Heartbleed. Adding them to the graph again. (4/16 8pm ET)

About This Data

Certificate Revocation Lists (“CRLs”) are used to track revoked certificates. Your browser will download these lists to verify if a certificate presented by a web site has been revoked. The graph above shows how many certificates were revoked each day by the different CRLs we are tracking.

One concern is that as CRLs grow large, downloading them may become slow, or even fail if the web server providing them doesn't respond fast enough. As an alternative to CRLs, most web browsers can also use OCSP (Online Certificate Status Protocol). OCSP is a web service that can be queried for the status of a specific certificate.

The data you see above includes only unique certificates. You may find that particular certificates are included in more than one CRL.

You can easily retrieve the data yourself. Download the CRL from the URL provided below, then use “openssl” to parse the list: openssl crl -in <filename> -inform DER -text.
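The per-day tally behind a graph like this can be reproduced from that openssl text output. The following is an added example, not the ISC's own code: the function names and sample dumps are constructed for illustration, and treating a certificate as unique by its (issuer, serial number) pair is an assumption about how duplicates across CRLs are collapsed.

```python
import re
from collections import Counter
from datetime import datetime

ISSUER_RE = re.compile(r"^\s*Issuer:\s*(.+?)\s*$")
SERIAL_RE = re.compile(r"^\s*Serial Number:\s*([0-9A-Fa-f]+)\s*$")
DATE_RE = re.compile(r"^\s*Revocation Date:\s*(.+?)\s+GMT\s*$")

def parse_crl_text(text):
    """Yield (issuer, serial, revocation_day) for each entry of one CRL dump."""
    issuer = serial = None
    for line in text.splitlines():
        if m := ISSUER_RE.match(line):
            issuer = m.group(1)
        elif m := SERIAL_RE.match(line):
            serial = m.group(1).upper()
        elif (m := DATE_RE.match(line)) and serial:
            # openssl pads single-digit days with an extra space ("Apr  7")
            stamp = " ".join(m.group(1).split())
            yield issuer, serial, datetime.strptime(stamp, "%b %d %H:%M:%S %Y").date()
            serial = None

def revoked_per_day(crl_dumps):
    """Count each (issuer, serial) pair once, on its earliest listed date."""
    first_seen = {}
    for text in crl_dumps:
        for issuer, serial, day in parse_crl_text(text):
            key = (issuer, serial)
            first_seen[key] = min(day, first_seen.get(key, day))
    return Counter(first_seen.values())

# Constructed sample dumps (not real CRL data); serial 0A1B is in both lists.
HEADER = "Certificate Revocation List (CRL):\n        Issuer: /C=XX/O=Example CA/CN=Example Issuing CA\n"
CRL_A = HEADER + """Revoked Certificates:
    Serial Number: 0A1B
        Revocation Date: Apr  7 09:15:00 2014 GMT
    Serial Number: 0A1C
        Revocation Date: Apr 16 14:02:11 2014 GMT
"""
CRL_B = HEADER + """Revoked Certificates:
    Serial Number: 0A1B
        Revocation Date: Apr  7 09:15:00 2014 GMT
    Serial Number: 0A1D
        Revocation Date: Apr 16 20:45:30 2014 GMT
"""

if __name__ == "__main__":
    for day, count in sorted(revoked_per_day([CRL_A, CRL_B]).items()):
        print(day, count)
```

Month names are parsed with `%b`, so run it under an English or C locale.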

How do we get this information?

Here is a list of links to the aggregated data feeds used to produce this graph. We download each list several times a day.

The “Last Updated” date below reflects the time the list was last updated by the certificate authority, and the “Next Update” date is the date included in the CRL for the next expected update. The “Last Retrieved” time is the time at which we retrieved the list. The total size is the total number of unique certificate revocations included in this list.

There are many more CRLs that are not yet included in this list. If you find others we should include, let us know.

URL Last Updated Next Update Last Retrieved Total Size Revoked last 30 days