A Public key infrastructure is a system that incorporates asymmetric encryption and certificate to provide security. There are two principals actors: The client and the certificate authority(CA). The Cryptographic Service Provider (CSP) on the client side generates the key pair. Once the key pair has been generated, the client will keep the private key and send the public key with the certificate request to the CA. The client will use its private key to digitally sign that message. At this stage, the CA will either approve or deny the request. The Registration authority (RA) is another entity that can proxy certificate request to the CA on behalf of the client. When a certificate has been compromised it is revoked in the CA and updated to the Certificate Revocation List (CRL). The disadvantages of a certificate being revoked are that client has to go to the full list of what they are looking for. With the Online Certificate Status Protocol (OSCP), we only check for the validity of individual certificate without going to the full list thus improving performance. The standard for the certificate is the X.509 standard.
After restarting my computer today, It reset the time automatically to an outdated one. Eager I was to check my Gmail and Facebook account, while entering the URL in the browser I got the following errors : The certificate will not be valid until 5/18/12 3:00 AM. The current time is 1/1/01 8:44 PM.
(Error code: sec_error_expired_issuer_certificate).
My machine had the 1/1/01 set as date meaning that many webservers could not authenticate to my web browser because of an outdated time leading to an expired certificates. The only way to fix it was to adjust the time accordingly and there I enjoyed my Facebook again and again.