Revoking certificates
Revoking a certificate allows you to terminate its usage before its validity period expires.
When a certificate is revoked, it is included in a Certificate Revocation List (CRL) which is distributed
by the CERN CA.
You can revoke your own user certificates in the following cases:
- The certificate is compromised because of a security incident or because it was somehow exposed. For
example, you should use this option in the following cases:
- A computer where the certificate was installed was lost or stolen.
- Smartcard lost or stolen.
- The certificate is superseded, i.e. you have a new certificate and you want to make the previous
certificate invalid.Please note, however, that:
- It is not recommended to revoke an old certificate if you have a new one.
- The existance of an old certificate is not a security risk.
- All files and emails encrypted using this certificate will be unrecoverable.
- This operation is not reversible, and no support can be provided to recover a revoked certificate.
Please do not revoke a certificate only to stop receiving expiration reminders.
Expiration reminders for a certificate can be turned off from the
My User Certificates page.
How to revoke a certificate
To revoke a user certificate, proceed to the My User Certificates
page.
To revoke a host certificate, proceed to the My Host Certificates
page, and provide the name of the host for which you want to revoke a certificate.
Once you see the user or host certificates list:
- Select the certificate you need to revoke.
- Click on the "Revoke certificate..." link from the Certificate Tasks list, then follow the provided
instructions.