Server certificate revocation.

10/05/2023

Server certificate revocation is a security measure used in the context of SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols. It's a process through which a certificate authority (CA) declares a previously issued digital certificate as invalid before its expiration date. This is typically done if the private key associated with the certificate is compromised, or if the certificate was issued in error.

Here's how the process works:

  1. Compromised Private Key: If a server's private key, which is used to decrypt data sent by clients, is compromised (for example, due to a security breach), it's critical to revoke the certificate associated with that private key. This prevents an attacker from using the compromised certificate to conduct man-in-the-middle attacks.
  2. Certificate Revocation List (CRL): When a certificate is revoked, the CA maintains a Certificate Revocation List (CRL), which is a list of all revoked certificates. The CRL is periodically updated and published by the CA. Clients can check this list to verify if a certificate is still valid.
  3. Online Certificate Status Protocol (OCSP): Instead of relying solely on CRLs, some systems use OCSP. OCSP provides real-time certificate status information and allows a client to determine whether a certificate is still valid by querying the CA or a responder designated by the CA.
  4. Browsers and Applications: Web browsers and other applications that use SSL/TLS will check for certificate revocation before establishing a secure connection. If a certificate is found on the CRL or the OCSP responder reports it as revoked, the connection will be refused.
  5. Expiration: Certificates also have an expiration date. Even if a certificate hasn't been compromised, it will become invalid after its expiration date, and a new certificate will need to be issued.

It's worth noting that while certificate revocation is an important security measure, it is not foolproof. Some clients may not check for revocation at all, or they may not do so in a timely manner. Therefore, other security measures, like certificate pinning, are also used to enhance security.
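The CRL flow from items 2 and 4 above, plus the point that a client which cannot trust the CRL it holds should not quietly treat the certificate as "not revoked", as an added Go example that is not part of the original post. It uses only Go's standard crypto/x509 package (Go 1.19 or later) to stand up a throwaway CA, issue two server certificates, sign a CRL revoking one of them, and then run the client-side check under four conditions: revoked certificate, good certificate, a CRL past its nextUpdate, and a CRL checked against a CA that did not sign it. The CA names, host names and serial numbers are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RevocationStatus is the outcome of checking one certificate against a CRL.
type RevocationStatus string

const (
	StatusGood    RevocationStatus = "good"
	StatusRevoked RevocationStatus = "revoked"
	StatusUnknown RevocationStatus = "unknown" // CRL untrusted or stale: fail closed
)

// must panics on error; acceptable in a demonstration, not in production code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a certificate signed by parent (self-signed when parent
// is nil): a CA able to sign certificates and CRLs if isCA, otherwise a TLS server leaf.
func issue(serial int64, name string, isCA bool, now time.Time, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(90 * 24 * time.Hour)}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	} else {
		tmpl.DNSNames, tmpl.KeyUsage, tmpl.ExtKeyUsage = []string{name}, x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// publishCRL is the CA side: sign a CRL listing the revoked serials, valid for one day.
func publishCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked []int64, now time.Time) []byte {
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	return must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: entries, // Go 1.21+ also accepts RevokedCertificateEntries here
	}, ca, caKey))
}

// checkRevocation is the client side: trust the CRL only after verifying the issuer's
// signature and the validity window, then look up the certificate's serial number.
func checkRevocation(cert *x509.Certificate, crlDER []byte, issuer *x509.Certificate, now time.Time) (RevocationStatus, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(issuer) // rejects a CRL not signed by the expected CA
	}
	if err == nil && (now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate)) {
		err = fmt.Errorf("CRL not current: valid %s to %s", crl.ThisUpdate, crl.NextUpdate)
	}
	if err != nil {
		return StatusUnknown, err // fail closed: an untrusted CRL proves nothing
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return StatusRevoked, nil
		}
	}
	return StatusGood, nil
}

// runScenario issues two server certificates, revokes one, and exercises the checker under
// the conditions a client can meet. Names and serial numbers are constructed for the example.
func runScenario() map[string]RevocationStatus {
	now := time.Now()
	ca, caKey := issue(1, "Example Test CA", true, now, nil, nil)
	otherCA, _ := issue(2, "Unrelated CA", true, now, nil, nil)
	compromised, _ := issue(1001, "www.example.test", false, now, ca, caKey)
	healthy, _ := issue(1002, "api.example.test", false, now, ca, caKey)
	crlDER := publishCRL(ca, caKey, []int64{1001}, now) // the CA revokes serial 1001
	revoked, _ := checkRevocation(compromised, crlDER, ca, now)
	good, _ := checkRevocation(healthy, crlDER, ca, now)
	stale, _ := checkRevocation(healthy, crlDER, ca, now.Add(48*time.Hour)) // CRL past nextUpdate
	untrusted, _ := checkRevocation(healthy, crlDER, otherCA, now) // CRL not signed by that CA
	return map[string]RevocationStatus{"revoked": revoked, "good": good, "stale": stale, "untrusted": untrusted}
}

func main() { fmt.Println(runScenario()) }
```

Running it with `go run` prints the four outcomes. The design choice worth noting is that `checkRevocation` answers `unknown` rather than `good` whenever the CRL is expired or its signature does not verify: an attacker who can block or substitute the CRL must not be able to turn a revoked certificate back into a valid one, which is exactly the gap that clients skipping or delaying the check leave open. OCSP, the other mechanism described above, is not covered by this example.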

In practice, when you encounter a warning about a revoked certificate, it's important to take it seriously and not proceed unless you're certain that the situation is legitimate and secure.
