* Explicit revocation:
Certificate authorities periodically check the status of certificates they issue. Explicit revocation occurs when the certificate authority determines that a certificate should no longer be trusted, and it is added to the Certificate Revocation List (CRL).
If the certificate gets compromised or stolen, the certificate owner, relying party, or the CA itself can request the CA to revoke the certificate before its expiry.
* Implicit revocation:
By default, certificates have a finite lifetime. When the validity period ends, the certificate stops functioning even without an explicit revocation.
Explicit revocation is necessary in cases where a certificate is compromised or stolen, or if the subject information in the certificate is no longer accurate. It is a critical security measure that allows CAs to protect the security of their certificates.