In cryptography, a certificate revocation list (or CRL) is 'a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted'. In cryptography, a certificate revocation list (or CRL) is 'a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted'. There are two different states of revocation defined in RFC 5280: Reasons to revoke a certificate according to RFC 5280 p69 are: