PrepAway - Latest Free Exam Questions & Answers

Which of the following is the name of the database repository for these certificates?

Joe, a user, reports to the system administrator that he is receiving an error stating his certificate has
been revoked. Which of the following is the name of the database repository for these certificates?

A. CSR

B. OCSP

C. CA

D. CRL

Explanation:
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.
Incorrect Answers:
A: A CSR is a request to a CA, not a database of revoked certificates.
One of the first steps in getting a certificate is to submit a certificate-signing request (CSR). This is a
request formatted for the CA. This request will have the public key you wish to use and your fully
distinguished name (often a domain name). The CA will then use this to process your request for a digital
certificate.
B: OCSP is a protocol, not a database.
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation
status of an X.509 digital certificate.
C: A CA is not a database for revoked certificates, though the CRL is stored on the CA.
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing
certificates.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 279-280, 285

