A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement? 

Answer options:

A. CSR
B. OCSP
C. CRL
D. SSH

C