Revoke

Certificate revocation is the process of invalidating a digital certificate before its scheduled expiration date. Revocation is typically done when a CA’s certificate is compromised, expired, or no longer needed. This is done to ensure the security and trustworthiness of systems that rely on certificates for authentication, encryption, and secure communication. As soon as the certificate is revoked, the certificate is no longer considered to be trusted. Revoked certificates are listed in the Certificate Revocation List (CRL) maintained by each certificate authority.
Note: Revocation can be performed only on PKIaaS subordinate CAs.

To revoke a CA:

  1. Go to (Menu) icon > PKI+ > CA Inventory.
    The CA Inventory page appears.
  2. Select the check box against the CA Name you want to revoke.
  3. Click Actions and select Revoke from the dropdown menu.
    The CA Certificate Revoke window is displayed.
  4. Select the reason for revocation from the dropdown list.

    By default, the reason for revocation is set to Key compromise, and the Revoke All Certificates checkbox is disabled. This action will revoke every CA certificate linked to this private key, including all the renewed versions. As a result, all related end-entity certificates will be invalidated.

    On selecting a different revocation reason and unselecting the Revoke All Certificates checkbox, you can revoke only the currently active CA certificate linked to this private key. As a result, all related end-entity certificates will be invalidated.

  5. Click Revoke.
    The following message is displayed: "Revoking this Certificate Authority (CA) may disrupt certificate validation and affect trust for all issued certificates. Please ensure that you understand the impact before proceeding with revocation. This will affect the autoenrollment configuration. Please verify the autoenrollment settings having this CA."
  6. Click Proceed to confirm the changes.
    The custodians receive an email with the subject line, PKIaaS CA Management: CA revocation, in their inbox. Approval can be done either via email or by clicking the (Notification Center) icon in the top right-hand corner of the page.

    Once the necessary custodian approvals are completed, the Approval Status changes from Revocation - Approval Pending to Revocation Approved.

    You can view all the revoked CAs by selecting the Revoked option from Filter by Status.
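
Because revoked certificates are listed in the issuing CA's CRL, the result of an approved revocation can be checked outside the console by looking up the CA certificate's serial on that CRL. The script below is an added example, not part of the product or its documentation: `crl_reason` and `make_demo_crl` are hypothetical helper names, and the file names, subject names and serial 1000 are constructed so the check runs offline with the `openssl` command-line tool.

```shell
# Added example. File names, CNs and serial 1000 are constructed placeholders.
# crl_reason CRL_PEM ISSUER_PEM SERIAL_HEX
# Prints the CRL reason for SERIAL_HEX, "unspecified" if it is listed without a
# reason, "not-listed" if absent, "bad-signature" if the CRL does not verify.
crl_reason() {
    openssl crl -in "$1" -CAfile "$2" -noout 2>&1 | grep -q 'verify OK' ||
        { echo bad-signature; return 1; }
    openssl crl -in "$1" -noout -text | awk -v want="$3" '
        function norm(s) { s = toupper(s); gsub(/[^0-9A-F]/, "", s); sub(/^0+/, "", s); return s }
        /Serial Number:/ { if (hit) exit; hit = (norm($3) == norm(want)); next }
        hit && /CRL Reason Code/ { getline; sub(/^[ \t]+/, ""); reason = $0; exit }
        END { print (hit ? (reason ? reason : "unspecified") : "not-listed") }'
}

# Constructed fixture: a throwaway root issues a certificate with serial 1000,
# revokes it for key compromise and writes root.crl in a temp directory.
make_demo_crl() {
    cd "$(mktemp -d)" || return 1
    : > index.txt; echo 1000 > serial
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = CN
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
    ca="openssl ca -batch -config demo.cnf -cert root.pem -keyfile root.key"
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -subj "/CN=Demo Root" \
        -keyout root.key -out root.pem 2>/dev/null
    openssl req -new -config demo.cnf -newkey rsa:2048 -nodes -subj "/CN=Demo Sub CA" \
        -keyout sub.key -out sub.csr 2>/dev/null
    $ca -in sub.csr -out sub.pem 2>/dev/null
    $ca -revoke sub.pem -crl_reason keyCompromise 2>/dev/null
    $ca -gencrl -out root.crl 2>/dev/null
}
```

Against a real deployment, pass the CRL downloaded from the issuing CA, that CA's certificate, and the serial of the revoked CA certificate; a result of `not-listed` after approval means relying parties fetching that CRL still treat the certificate as valid.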