I wish to use client side PKI certificates. I would like to generate said certificates myself since I know the people that will be authenticating. My question is that when a certificate is generated by myself and installed on the client machine does that machine make a check on the validity of that certificate only once (when it's imported) or every time that the certificate is used (every time the site is accessed? The reason I ask is I want to know whether I will need the generating server to be online 24/7. Any good online FAQ? I found a few very bried ones lacking in technical information such as handshakes etc. I dont mind finding out for myself if someone can point me in the general direction. Thanks.