Final answer:
A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by a CA before their expiration. It is crucial for maintaining the integrity and trustworthiness of digital certificates, and it is needed when certificates are compromised or not valid anymore due to various reasons like key exposure or change of control over the domain.
Step-by-step explanation:
A Certificate Revocation List (CRL) is a list used in the field of digital security. It contains serial numbers of digital certificates that have been revoked by the certificate authority (CA) before their scheduled expiration date. A digital certificate is usually revoked if it is compromised, if the CA that issued it is no longer trusted, or if the owner of the certificate no longer has control over the domain for which it was issued. A CRL must be checked to ensure that the certificate in question is still valid and trustworthy.
A CRL would be needed, for example, when an organization's private key has been stolen or exposed. In such cases, the corresponding certificate’s integrity is compromised, necessitating immediate revocation to prevent misuse. Another scenario could be when an employee leaves a company, and their credentials should no longer be trusted or valid.