- Not available
The correct answer is 2.
A Certificate Authority (CA) will publish its Certificate Revocation List (CRL) to identify the serial numbers of certificates that are no longer valid. The Fully Qualified Domain Name (FQDN) with the location of the CRL is placed into the CA root certificate. A host that chooses to trust the CA can use that information to periodically poll the CRL to determine which certificates have been revoked and should no longer be used.