Certificate Trust Lists

byAlex R. •March 16, 2012
Certificate Trust Lists (CTL) is a structure similar to CRL, but would usually hold a list of CAs (roots or intermediates) instead of revoked end user certificates.
When mutual authentication with SSL in IIS is configured, both the server and the client match their CTLs which contain a list of trusted root certificate authorities on each side. The intersection of these two groups is used by the browser when it looks for end user certificates in personal storage deriving from one of the CAs in the new list. The browser then provides a selection popup box for the user to choose a certificate from it and use it for client authentication.
A custom CTL may be defined for each website in IIS.
Tags IIS Security
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/523887051-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY4M0a1QQiQEHgEbLBC6jCJF7JKqTg:1716092941180';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d2139279071038304164','//alexrait.blogspot.com/2012/03/certificate-trust-lists.html','2139279071038304164');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '2139279071038304164', 'title': 'Coding with Alex', 'url': 'https://alexrait.blogspot.com/2012/03/certificate-trust-lists.html', 'canonicalUrl': 'https://alexrait.blogspot.com/2012/03/certificate-trust-lists.html', 'homepageUrl': 'https://alexrait.blogspot.com/', 'searchUrl': 'https://alexrait.blogspot.com/search', 'canonicalHomepageUrl': 'https://alexrait.blogspot.com/', 'blogspotFaviconUrl': 'https://alexrait.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-202988341-1', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Coding with Alex - Atom\x22 href\x3d\x22https://alexrait.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Coding with Alex - RSS\x22 href\x3d\x22https://alexrait.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Coding with Alex - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/2139279071038304164/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Coding with Alex - Atom\x22 href\x3d\x22https://alexrait.blogspot.com/feeds/5720881880152191640/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-9348007134072555', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/8a8c39e8754b0ef7', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Blog Posts', 'pageType': 'item', 'postId': '5720881880152191640', 'postImageUrl': 'https://nbphe-wp-production.s3.us-east-1.amazonaws.com/app/uploads/2017/05/digital.png', 'pageName': 'Certificate Trust Lists', 'pageTitle': 'Coding with Alex: Certificate Trust Lists', 'metaDescription': 'Explaining CTL meaning in the PKI World.'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Certificate Trust Lists', 'description': 'Explaining CTL meaning in the PKI World.', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vf8OGFs-YKoema76hRaQVasFRBCVg4ZhK2VyfML6WGI4uIaJk7_oj0Ept1uqXPPtaFcDrAzFAyfFf8wqZP68TanEjW-4RO3X_oeTWyrD6dCKR-syhD8vcG2McpF-uk0XFZtyjgULeGYDE3rLWn5rElJcQWM9-VH7Ww', 'url': 'https://alexrait.blogspot.com/2012/03/certificate-trust-lists.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5720881880152191640}}, {'name': 'widgets', 'data': [{'title': 'Default Thumbnail', 'type': 'Image', 'sectionId': 'pbt-panel', 'id': 'Image52'}, {'title': 'JSON Variables', 'type': 'HTML', 'sectionId': 'pbt-panel', 'id': 'HTML50'}, {'title': 'Coding with Alex', 'type': 'Image', 'sectionId': 'main-logo', 'id': 'Image50'}, {'title': '', 'type': 'LinkList', 'sectionId': 'xdfcb-main-menu', 'id': 'LinkList200'}, {'title': 'Links', 'type': 'LinkList', 'sectionId': 'headerbar', 'id': 'LinkList201'}, {'title': 'Follow Us', 'type': 'LinkList', 'sectionId': 'headerbar', 'id': 'LinkList202'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'main', 'id': 'Blog1', 'posts': [{'id': '5720881880152191640', 'title': 'Certificate Trust Lists', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vf8OGFs-YKoema76hRaQVasFRBCVg4ZhK2VyfML6WGI4uIaJk7_oj0Ept1uqXPPtaFcDrAzFAyfFf8wqZP68TanEjW-4RO3X_oeTWyrD6dCKR-syhD8vcG2McpF-uk0XFZtyjgULeGYDE3rLWn5rElJcQWM9-VH7Ww', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'share', 'label': ''}, {'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': '\u2022'}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'comments', 'label': '$type\x3d{blogger}'}, {'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Tags'}]}], 'allBylineItems': [{'name': 'share', 'label': ''}, {'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': '\u2022'}, {'name': 'comments', 'label': '$type\x3d{blogger}'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': 'Tags'}]}, {'title': 'You might like', 'type': 'HTML', 'sectionId': 'xdfcb-related-posts', 'id': 'HTML51'}, {'title': 'Coding with Alex (Header)', 'type': 'Header', 'sectionId': 'sidebar', 'id': 'Header1'}, {'title': 'Main Tags', 'type': 'Label', 'sectionId': 'sidebar', 'id': 'Label2'}, {'title': 'Total Pageviews', 'type': 'Stats', 'sectionId': 'sidebar', 'id': 'Stats1'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts2', 'posts': [{'title': 'Windows terminal overview', 'id': 7616715125089713010}, {'title': 'WebRTC demonstration page', 'id': 181734159299740304}, {'title': 'Sending big files with yousendit', 'id': 2782856607246331080}, {'title': 'Check the validity of an israeli ID in .NET', 'id': 5899351308543026302}]}, {'title': 'Most Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts1', 'posts': [{'title': 'Windows terminal overview', 'id': '7616715125089713010'}, {'title': 'WebRTC demonstration page', 'id': '181734159299740304'}, {'title': 'Sending big files with yousendit', 'id': '2782856607246331080'}, {'title': 'Check the validity of an israeli ID in .NET', 'id': '5899351308543026302'}, {'title': 'List of free Timestamp servers compliant with rfc3161', 'id': '7347007255592622068'}, {'title': 'OpenIDDict example with client credentials flow', 'id': '8256163416448296805'}]}, {'title': 'About Us', 'type': 'Image', 'sectionId': 'xdfcb-about-section', 'id': 'Image51'}]}]);
_WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image52', 'pbt-panel', document.getElementById('Image52'), {'resize': true}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML50', 'pbt-panel', document.getElementById('HTML50'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image50', 'main-logo', document.getElementById('Image50'), {'resize': true}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList200', 'xdfcb-main-menu', document.getElementById('LinkList200'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList201', 'headerbar', document.getElementById('LinkList201'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList202', 'headerbar', document.getElementById('LinkList202'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/1781096480-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML51', 'xdfcb-related-posts', document.getElementById('HTML51'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'sidebar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label2', 'sidebar', document.getElementById('Label2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_StatsView', new _WidgetInfo('Stats1', 'sidebar', document.getElementById('Stats1'), {'title': 'Total Pageviews', 'showGraphicalCounter': false, 'showAnimatedCounter': false, 'showSparkline': true, 'statsUrl': '//alexrait.blogspot.com/b/stats?style\x3dBLACK_TRANSPARENT\x26timeRange\x3dALL_TIME\x26token\x3dAPq4FmBIOxRLguymumQwpLs_kckHol9I2HRjUR9gry3KC3auQwn_ei7RW1xDL7-bzIlBrsUwq-F5dc4n7V1nA7ICQoXG1_rLog'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts2', 'sidebar', document.getElementById('PopularPosts2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'sidebar', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image51', 'xdfcb-about-section', document.getElementById('Image51'), {'resize': true}, 'displayModeFull'));
</script>
</body>
Certificate Trust Lists

Post a Comment
