ApacheWeek: Using Certificate Revocation Lists
"One of the most common kinds of access control for secure web servers is Basic Authentication, in which a login and password are required. Access controls can apply to part or all of a web site. The restricted area is called the "authorization realm." Even though Basic Authentication is the most common kind of access control, it is not the most secure. The most secure kind of access control is Client Authentication."
"Client Authentication uses client certificates installed in users' web browsers or other client applications (clients) to authenticate users, and only lets clients with the right client certificates into the authorization realm. (In this article, an authorization realm with client authentication will be called a "Client Authentication Realm.")" This article explains how to configure Apache+mod_ssl to keep clients with revoked client certificates out of a Client Authentication Realm.