A new version of the CERN-CA-certs package is available in the QA environment.
The new package removes the older certificates of the CERN Certification Authority. Please make sure to test your services and software with the new package.
Full details are available on the SSB entry: OTG0077330.

Revoking certificates

Revoking a certificate allows you to terminate its usage before its validity period expires.

When a certificate is revoked, it is included in a Certificate Revocation List (CRL) which is distributed by the CERN CA.

You can revoke your own user certificates in the following cases:

  • The certificate is compromised because of a security incident or because it was somehow exposed. For example, you should use this option in the following cases:
    • A computer where the certificate was installed was lost or stolen.
    • Smartcard lost or stolen.
  • The certificate is superseded, i.e. you have a new certificate and you want to make the previous certificate invalid.Please note, however, that:
    • It is not recommended to revoke an old certificate if you have a new one.
    • The existance of an old certificate is not a security risk.
    • All files and emails encrypted using this certificate will be unrecoverable.
    • This operation is not reversible, and no support can be provided to recover a revoked certificate.

Please do not revoke a certificate only to stop receiving expiration reminders.
Expiration reminders for a certificate can be turned off from the My User Certificates page.

How to revoke a certificate

To revoke a user certificate, proceed to the My User Certificates page.

To revoke a host certificate, proceed to the My Host Certificates page, and provide the name of the host for which you want to revoke a certificate.

Once you see the user or host certificates list:

  • Select the certificate you need to revoke.
  • Click on the "Revoke certificate..." link from the Certificate Tasks list, then follow the provided instructions.

Created: 3/10/2020
Last reviewed: 5/2/2022
Tools:
Send the page Send  |  Printable version Print