
Check certificate revocation status with Java


Is it possible to implement revocation checking on a digital certificate (a *.cer file) with a Java program, without any connection to the Internet by the program?

I can download the CRL from a CA's web site and put it on the server where the program is running. How does my program check the certificate's revocation status against that downloaded CRL?


Solution

1. If you want to rely on your CRL, you have to keep the CRL up to date. I do not recommend this.

2. When to update the CRL? CRLs may contain an expiration date, in which case you need to download the "newer-released" CRL after that date. (Sometimes CAs publish CRLs before their expiration date; you should check that as well.)

3. To rely solely on CRLs you need to check the 'revokedCertificates' field from the X509CRL. If your certificate is contained in the collection it was revoked. Keep in mind to check the revocation date if it is on the list.

I would recommend reading RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile as well.
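The following is an added, self-contained Java program (not code from the question or the answer above) that carries out the three points of the answer offline with only the JDK's `java.security.cert` classes: it verifies that the downloaded CRL was signed by the certificate's issuer, checks the CRL's `thisUpdate`/`nextUpdate` window, and then looks the certificate up in the CRL's `revokedCertificates` entries, reporting the revocation date and reason if present. It assumes three files on local disk (names are placeholders): the end-entity certificate `cert.cer`, the issuing CA certificate `ca.cer` (needed to verify the CRL signature; obtain it from the CA alongside the CRL), and the downloaded CRL `ca.crl`, in DER or PEM form.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CRLReason;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;

/** Offline CRL revocation check for one end-entity certificate (added example). */
public class CrlRevocationCheck {

    public enum Status { GOOD, REVOKED, CRL_STALE, CRL_UNTRUSTED }

    /** Outcome of the check; revocationDate and reason are only set for REVOKED. */
    public static final class Result {
        public final Status status;
        public final Date revocationDate;
        public final CRLReason reason;

        Result(Status status, Date revocationDate, CRLReason reason) {
            this.status = status;
            this.revocationDate = revocationDate;
            this.reason = reason;
        }

        @Override public String toString() {
            return status == Status.REVOKED
                    ? status + " since " + revocationDate + " (reason: " + reason + ")"
                    : status.toString();
        }
    }

    public static Result check(X509Certificate cert, X509CRL crl, X509Certificate caCert, Date now) {
        // Step 1: trust. A CRL only says something if it was issued by the certificate's
        // issuer and signed with a key authorized for CRL signing (keyUsage bit 6 = cRLSign).
        // Requiring the CRL issuer to equal the certificate issuer rejects indirect CRLs,
        // which is the conservative default for a single downloaded CRL.
        boolean[] keyUsage = caCert.getKeyUsage();
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())
                || !caCert.getSubjectX500Principal().equals(crl.getIssuerX500Principal())
                || (keyUsage != null && !keyUsage[6])
                || crl.hasUnsupportedCriticalExtension()) {
            return new Result(Status.CRL_UNTRUSTED, null, null);
        }
        try {
            crl.verify(caCert.getPublicKey());
        } catch (GeneralSecurityException e) {
            return new Result(Status.CRL_UNTRUSTED, null, null);
        }

        // Step 2: freshness (point 2 of the answer). After nextUpdate a newer CRL must be
        // fetched; a CRL whose thisUpdate lies in the future indicates clock skew or the
        // wrong file, and is treated as unusable as well.
        Date nextUpdate = crl.getNextUpdate();
        if (now.before(crl.getThisUpdate()) || (nextUpdate != null && now.after(nextUpdate))) {
            return new Result(Status.CRL_STALE, null, null);
        }

        // Step 3: membership (point 3 of the answer). The X509Certificate overload matches
        // by serial number and issuer rather than serial number alone.
        X509CRLEntry entry = crl.getRevokedCertificate(cert);
        if (entry == null) {
            return new Result(Status.GOOD, null, null);
        }
        // getRevocationReason() returns null when the entry carries no reason code.
        return new Result(Status.REVOKED, entry.getRevocationDate(), entry.getRevocationReason());
    }

    private static X509Certificate loadCert(CertificateFactory cf, String path)
            throws IOException, GeneralSecurityException {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    private static X509CRL loadCrl(CertificateFactory cf, String path)
            throws IOException, GeneralSecurityException {
        try (InputStream in = new FileInputStream(path)) {
            return (X509CRL) cf.generateCRL(in);
        }
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        if (args.length != 3) {
            System.err.println("usage: java CrlRevocationCheck <cert.cer> <ca.cer> <ca.crl>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = loadCert(cf, args[0]);
        X509Certificate caCert = loadCert(cf, args[1]);
        X509CRL crl = loadCrl(cf, args[2]);

        Result result = check(cert, crl, caCert, new Date());
        System.out.println(result);
        // Only a positively GOOD answer exits 0; a stale or untrusted CRL is not "not revoked".
        System.exit(result.status == Status.GOOD ? 0 : 1);
    }
}
```

Run it as `java CrlRevocationCheck cert.cer ca.cer ca.crl`. Note the fail-closed exit code: a stale CRL or one whose signature cannot be verified against the CA certificate yields `CRL_STALE` or `CRL_UNTRUSTED`, not `GOOD`, which is what the answer's warning about keeping the CRL current amounts to in practice. The revocation date in the result is what point 3 refers to: for current use the certificate is simply revoked, but when judging a signature made in the past you can compare the signing time against that date according to your own policy.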