17Nis
How can I ensure that a CSR doesn’t rely on a revoked private key
CRL lists the revoked certificates of a CA by sending back to the user the Serial Number of each certificate, nothing related to the public key. I don't know how it works for OCSP.
Is there a technical way on the CA side (beyond the organizational processes) to ensure that the private key used for generating the CSR was not already used in a revoked certificate? Then the idea would be to reject the CSR by indicating that the private key cannot be trusted. This question focuses on RSA or ECC certificates.
