Re: SSL certificates -- how are they validated?

From: Rob R. Ainscough (
Date: 06/30/05

Date: Thu, 30 Jun 2005 06:51:40 -0700

Hi Nicole,

So it the issuer chain goes down, then no validation?


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> "Rob R. Ainscough" <> wrote in message
> news:uOsQi5PfFHA.1480@TK2MSFTNGP10.phx.gbl...
>> If I purchase an SSL certificate and install it on my web server, how is
>> it validated? Anytime anyone communicates with my web server does the
>> SSL go out to site that issued the SSL certificate to validate it? Or is
>> this just a one time deal?
> This behaviour depends largely on the client application. Most browsers
> will check the CRLs (certificate revocation lists) along the issuer chain
> of a web site certificate only once per browser launch, not for each page
> visited within a site.
>> Also, can certificates be "updated" when a server is moved or it's IP is
>> changed (and/or domain name)?
> There is generally no need to make any changes to a certificate when a
> server is physically moved or when its IP address changes. However, web
> server SSL certificates are mapped to the server host name, so a name
> alteration would require a certificate change (even if the IP address
> doesn't change).