Embedding certificate data in the application code

Submitting public keys via an HTTP header

Periodically obtaining a time-stamped OCSP response from the CA

Publishing a complete Certificate Revocation List (CRL)

Expired certificate, server hardware upgrade, DNS change

Misuse of the certificate, key compromise, cessation of operation

Regular maintenance, software updates, network reconfiguration

Change of company name, server relocation, domain name expiration

To provide a complete Certificate Revocation List (CRL)

To return the status of a requested certificate without providing a complete CRL

To issue new digital certificates

To configure web servers for HTTPS connections

To ensure proper certificate inspection by clients

To mitigate against downgrade attacks by enforcing HTTPS connections

To preload browsers with a list of trusted sites

To obtain up-to-date certificate status information from the CA

To provide up-to-date information on the validity of certificates

To issue new digital certificates

To revoke certificates that are no longer valid

To configure web servers for HTTPS connections

To preload browsers with a list of sites that should never be accessed using HTTPS

To configure web servers for HTTPS connections

To issue new digital certificates

To mitigate against downgrade attacks

To notify browsers to connect to websites using HTTP only

To mitigate against downgrade attacks by enforcing HTTPS connections

To configure web servers for HTTPS connections

To preload web browsers with a list of trusted sites