Is My Certificate Revoked?
Paste or upload your certificate. Verified live via OCSP & CRL.
More Information About the Revocation Checker
A revoked certificate is one that the issuing CA has explicitly invalidated before its expiry date. Browsers reject revoked certificates with a hard warning, so it is worth checking any time a certificate is reissued or there is suspicion of key compromise.
The Revocation Checker queries two live sources defined inside the certificate itself:
- OCSP (Online Certificate Status Protocol). A real-time, per-certificate status check published by the issuer. Fast, but it only returns Good, Revoked, or Unknown for that one certificate.
- CRL (Certificate Revocation List). A signed list of every certificate the CA has revoked in that series. Slower to download, but authoritative for the whole issuer.
Two ways to check:
- Domain. We fetch the certificate live from the hostname over TLS, then run the revocation lookup against it.
- Certificate. Paste or upload your PEM, CRT, CER, or DER file and we inspect it directly.
Verdicts:
- Valid. The OCSP or CRL response confirmed the certificate is still good.
- Revoked. The certificate has been revoked, with the revocation date and reason (such as keyCompromise, cessationOfOperation, or superseded) shown when available.
- Unknown. The OCSP responder could not confirm a status. Usually the certificate is too old, the serial is not in the responder's cache, or the endpoint is misconfigured.
How the check runs: each lookup is a transient request to the CA's published OCSP and CRL endpoints, the same way a browser performs the check during a TLS handshake. The certificate itself is parsed inside this page; only the revocation lookup leaves your browser.
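The two steps described above, as an added example that is not the Revocation Checker's own code: read the OCSP and CRL endpoints out of a certificate, then derive a Valid or Revoked verdict from a CRL after authenticating it. It uses the Python `cryptography` package. The function names, the throwaway CA, the hostnames and the serial are constructed for illustration, and the CRL download and the OCSP request are left out so it runs offline.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID as AIA, NameOID

def _ext(obj, cls):  # extension value of type cls, or None when absent
    try:
        return obj.extensions.get_extension_for_class(cls).value
    except x509.ExtensionNotFound:
        return None

def revocation_endpoints(cert):
    """(ocsp_urls, crl_urls) as published inside the certificate itself."""
    aia = _ext(cert, x509.AuthorityInformationAccess) or []
    cdp = _ext(cert, x509.CRLDistributionPoints) or []
    ocsp = [d.access_location.value for d in aia if d.access_method == AIA.OCSP]
    crls = [n.value for p in cdp for n in (p.full_name or [])
            if isinstance(n, x509.UniformResourceIdentifier)]
    return ocsp, crls

def crl_verdict(cert, crl, issuer_public_key):
    """(verdict, revoked_on, reason) from an already-downloaded CRL."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(issuer_public_key):
        raise ValueError("CRL is not from this issuer or its signature is bad")
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    if entry is None:
        return ("Valid", None, None)
    when = getattr(entry, "revocation_date_utc", None) or entry.revocation_date
    reason = _ext(entry, x509.CRLReason)
    return ("Revoked", when.date().isoformat(), reason.reason.value if reason else None)

def constructed_sample(revoked_serial=0x1234):  # constructed test data, not a real CA
    ca_key = ec.generate_private_key(ec.SECP256R1())
    t0, t1, uri = dt.datetime(2024, 1, 1), dt.datetime(2024, 4, 1), x509.UniformResourceIdentifier
    ca = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    leaf = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf.example.test")])
    cert = (x509.CertificateBuilder().subject_name(leaf).issuer_name(ca).serial_number(0x1234)
            .public_key(ca_key.public_key()).not_valid_before(t0).not_valid_after(t1)
            .add_extension(x509.AuthorityInformationAccess(
                [x509.AccessDescription(AIA.OCSP, uri("http://ocsp.example.test"))]), False)
            .add_extension(x509.CRLDistributionPoints([x509.DistributionPoint(
                [uri("http://crl.example.test/ca.crl")], None, None, None)]), False)
            .sign(ca_key, hashes.SHA256()))
    gone = (x509.RevokedCertificateBuilder().serial_number(revoked_serial).revocation_date(t0)
            .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), False).build())
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca).last_update(t0)
           .next_update(t1).add_revoked_certificate(gone).sign(ca_key, hashes.SHA256()))
    return cert, crl, ca_key.public_key()
```

A CRL whose issuer or signature does not match is rejected rather than treated as evidence, since an unauthenticated list cannot support either verdict.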
Need to also verify the certificate's contents, expiry, or chain? Try the SSL Checker or the Certificate Decoder.