How does a certificate revocation list (CRL) work? How can I send a request to the CA to add my current private key to the CRL, so no one except me can add my certificate to the CRL?
- How can we get CA's public key?
- I've got my private key compromised. How does CRL work?
- What happens when a root CA has its private key compromised?
That depends on the concrete CRL.
As long as you have access to your private key, you can sign the revocation request. This prevents anyone without access to the private key from issuing a faked revocation request.
With access to the private key, a faked revocation request can be sent. But in this case the damage is already done, and a revocation is actually helping the victim.
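One possible form of the signed revocation request described in this answer, as an added example that is not part of the original answer or any CA's actual protocol. The request format (`revoke-v1`), the function names, the use of Ed25519 and the self-signed certificate standing in for a CA-issued one are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
)

// issueCert builds a constructed self-signed cert standing in for a CA-issued one.
func issueCert(serial int64) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, priv
}

// requestBody (hypothetical format) binds a request to one certificate and one reason.
func requestBody(cert *x509.Certificate, reason string) []byte {
	return append(append([]byte("revoke-v1\x00"), cert.Raw...), reason...)
}

// signRevocation is the subscriber side: only the private-key holder can produce this.
func signRevocation(cert *x509.Certificate, key ed25519.PrivateKey, reason string) []byte {
	return ed25519.Sign(key, requestBody(cert, reason))
}

// caAccepts is the CA side: verify with the public key inside the certificate itself.
func caAccepts(cert *x509.Certificate, reason string, sig []byte) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, requestBody(cert, reason), sig)
}

func main() {
	cert, key := issueCert(1001)
	_, stranger := issueCert(1002) // a key that does not belong to cert
	fmt.Println("owner:", caAccepts(cert, "keyCompromise", signRevocation(cert, key, "keyCompromise")))
	fmt.Println("stranger:", caAccepts(cert, "keyCompromise", signRevocation(cert, stranger, "keyCompromise")))
}
```
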