nCertificates
(at least, all the ones we’re concerned with) contain explicit validity periods – “valid
from” & “expires on”
nExpiration
dates help bound the risk associated with issuing a certificate
nSometimes,
though, it becomes necessary to “undo” a certificate while it is still
valid
nKey
compromise
nCert
was issued under false pretenses
nThis
is called revoking a certificate