A security administrator must implement a system to ensure that invalid certificates are not used by a custom-developed application.
The system must be able to check the validity of certificates even when internet access is unavailable.
Which of the following MUST be implemented to support this requirement?
A. CSR
B. OCSP
C. CRL
D. SSH
The correct answer is C. CRL (Certificate Revocation List).
When a digital certificate is issued by a Certificate Authority (CA), it is valid for a certain period of time. However, there are situations where a certificate must be revoked before its expiration date, for example if the private key associated with the certificate is compromised, or if the certificate was issued based on fraudulent information.
When a certificate is revoked, it is added to a list called a Certificate Revocation List (CRL), which is maintained by the CA. The CRL contains information about each revoked certificate, such as its serial number, the date it was revoked, and the reason for revocation.
To ensure that invalid certificates are not used by a custom-developed application, the security administrator must implement a system to check the validity of certificates, even when internet access is unavailable. This can be achieved by implementing a local CRL on the system where the application is running. This way, the application can check the local CRL to see if a certificate has been revoked, even if it cannot connect to the internet to check the CA's CRL.
Option A, CSR (Certificate Signing Request), is not relevant to this requirement. A CSR is used to request a digital certificate from a CA.
Option B, OCSP (Online Certificate Status Protocol), is used to check the revocation status of a certificate in real-time. However, this requires internet access, so it does not meet the requirement of being able to check the validity of certificates when internet access is unavailable.
Option D, SSH (Secure Shell), is a protocol used for secure remote access to systems. It is not relevant to this requirement.
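The local CRL check described above, as an added example that is not part of the original page, written with the Python `cryptography` package. The function names, the return strings and the demo CA, certificates and CRL are assumptions constructed for illustration; the code covers only the revocation step, not full chain validation.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _next_update(crl):
    # next_update_utc exists only in newer library releases; fall back to the naive field
    if hasattr(crl, "next_update_utc"):
        return crl.next_update_utc
    return crl.next_update.replace(tzinfo=timezone.utc) if crl.next_update else None

def check_against_local_crl(cert, crl, ca_cert, now):
    """Offline revocation check: 'good', 'revoked', or 'crl-rejected' (fail closed)."""
    # The cached CRL must come from the CA that issued the certificate, and be signed by it
    if crl.issuer != ca_cert.subject or cert.issuer != ca_cert.subject:
        return "crl-rejected"
    if not crl.is_signature_valid(ca_cert.public_key()):
        return "crl-rejected"
    # Past nextUpdate the cached copy may be missing recent revocations
    nxt = _next_update(crl)
    if nxt is None or now > nxt:
        return "crl-rejected"
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"

def build_demo_pki(now):
    """Constructed sample data: throwaway CA, two leaf certificates, CRL revoking one."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Demo CA (constructed)")])
    def issue(name, key):
        return (x509.CertificateBuilder().subject_name(name).issuer_name(ca_name)
                .public_key(key.public_key()).serial_number(x509.random_serial_number())
                .not_valid_before(now - timedelta(days=1))
                .not_valid_after(now + timedelta(days=30)).sign(ca_key, hashes.SHA256()))
    def leaf(cn):
        name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
        return issue(name, ec.generate_private_key(ec.SECP256R1()))
    ca_cert, good, bad = issue(ca_name, ca_key), leaf("app-a.example"), leaf("app-b.example")
    entry = (x509.RevokedCertificateBuilder().serial_number(bad.serial_number)
             .revocation_date(now - timedelta(hours=1)).build())
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_name)
           .last_update(now - timedelta(hours=1)).next_update(now + timedelta(days=7))
           .add_revoked_certificate(entry).sign(ca_key, hashes.SHA256()))
    return ca_cert, good, bad, crl

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    ca_cert, good, bad, crl = build_demo_pki(now)
    print([check_against_local_crl(c, crl, ca_cert, now) for c in (good, bad)])
```

Rejecting a stale or unverifiable CRL, rather than treating the certificate as good, keeps the check fail-closed when the local copy has not been refreshed.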