11.3.8.3. Procedure – Revoking a certificate
To revoke a certificate, complete the following steps.
Select the certificate to be revoked.
Note, that it is possible to multi-select a number of certificates for the Revoke activity. However, if the certificate has no Issuer, the Revoke button will not be active.
Note It is possible to multi-select a number of certificates for the
activity. However, if the Issuer of the selected certificates is not the same, the Revoke button will not be active.Note Note that if the certificate(s) selected for Revoke is in use in the current configuration, a warning will be displayed to inform the administrator. It is important that in case a certificate is in use, it cannot be revoked. If the certificate in use is part of a multiple selection of certificates for the Revoke activity, none of the selected certificates will be revoked.
For general certificates, click on
either on the or the tab. CA certificates can be revoked from either the or the tab.Note Only certificates signed by local CAs can be revoked.
Self-signed CA certificates cannot be revoked.
Enter the password of the issuer CA. If the private key associated to the certificate is to be revoked as well, check the
checkbox. Click .Tip If the private key of a certificate has been compromised, the private key should be revoked along with the certificate. Generally it is recommended to generate new keys each time a certificate is refreshed.
Following the
of the certificate, the certificate will disappear from the lists of certificates on the tab, and will only appear on the tab, in the list of its CA.The CRL of the issuer CA is refreshed automatically.
The revocation will be effective on the PNS hosts only when their CRL information is updated from MS. If MS is not configured to perform distribution automatically (or the update should be made available immediately), it can be performed manually through the menu item.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu