586    Chapter 10 • Public Key Infrastructure


             Figure 10.12 The Valid Dates of a Certificate































             Revocation

             As discussed at the beginning of this chapter, it is sometimes necessary to revoke a
             person’s (or company’s) certificate before the expiration date. Usually, revocation
             occurs when:

                  ■   A company changes ISPs, if its certificate was based on its ISP’s Domain
                      Name Server (DNS) name or its IP address, rather than the company’s own
                      DNS name, or if the ISP had access to the private key.

                  ■   A company moves to a new physical address, so that the address information
                      in the certificate becomes incorrect.

                  ■   The contact listed on a certificate has left the company.
                  ■   A private key has been compromised or is lost.














          www.syngress.com