A security administrator must implement a system to ensure that invalid certificates are not used by a custom
developed application. The system must be able to check the validity of certificates even when internet access
is unavailable.
Which of the following MUST be implemented to support this requirement?

A.
CSR

B.
OCSP

C.
CRL

D.
SSH