Digital Signature:
How it works
A digital certificate is one use case of a digital signature.
To create the digital signature, the CA generates a message digest from the certificate, encrypts the digest with its private key, and includes the digital signature as part of the certificate. Anyone can use the message digest function and the CA’s public key to verify the certificate’s integrity.
Distributing a certificate means distributing the public key!
In TLS/SSL, the client gets the server’s public key from the server’s digital certificate (Server Hello message).
Revoked Certificates:
A Certificate Revocation List (CRL), which is basically a file containing the serial numbers of revoked certificates, and the Online Certificate Status Protocol (OCSP) are used to check whether a certificate has been revoked.
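The sign, verify and CRL-lookup steps described above, as an added example that is not from the original page. The CA key (textbook RSA over two small constructed primes, no padding) and the certificate format are assumptions chosen to make the arithmetic visible, not to be secure.

```python
import hashlib

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
# Far too small for real use; it only makes the arithmetic visible.
P, Q = 2**61 - 1, 2**89 - 1
CA_N, CA_E = P * Q, 65537                    # CA public key (n, e)
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))      # CA private exponent

def tbs_bytes(cert):
    """Serialize the signed fields (hypothetical format, not X.509 DER)."""
    fields = ("serial", "subject", "public_key")
    return "|".join(f"{k}={cert[k]}" for k in fields).encode()

def digest_int(data):
    """SHA-256 message digest as an integer reduced mod n (toy encoding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def ca_sign(cert):
    """CA side: digest the certificate, apply the private key, attach the result."""
    signed = dict(cert)
    signed["signature"] = pow(digest_int(tbs_bytes(cert)), CA_D, CA_N)
    return signed

def verify(cert, revoked_serials):
    """Client side: recompute the digest, check it against the signature
    using only the CA public key, then look the serial number up in the CRL."""
    if pow(cert["signature"], CA_E, CA_N) != digest_int(tbs_bytes(cert)):
        return "bad signature"
    if cert["serial"] in revoked_serials:
        return "revoked"
    return "valid"

# Constructed sample data.
SERVER_CERT = ca_sign({"serial": 1001, "subject": "www.example.test",
                       "public_key": "server-key-A"})
# Same signature, different public key: the digest no longer matches.
TAMPERED = dict(SERVER_CERT, public_key="substituted-key-B")
CRL = {1001}  # revoked serial numbers

if __name__ == "__main__":
    print(verify(SERVER_CERT, set()))   # signature checks out, not revoked
    print(verify(TAMPERED, set()))      # integrity check fails
    print(verify(SERVER_CERT, CRL))     # signature is fine, but serial is on the CRL
```

The third case shows why revocation is a separate check: a revoked certificate still carries a mathematically valid signature.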