Certificate revocation and OCSP stapling
I recently did a bit of reading on how certificate revocation works in practice. Although I had some idea of what a CRL (Certificate Revocation List) was, I did not know by what mechanism a client would check a server’s certificate against such a list. Hence, here is a writeup of my findings. This post assumes the reader has some knowledge of how digital certificates work and what they are used for, as well as what a CA (Certificate Authority) is.