Revoking certificates

Revoking a certificate allows you to terminate its usage before its validity period expires.

When a certificate is revoked, it is included in a Certificate Revocation List (CRL) which is distributed by the CERN CA.

You can revoke your own user certificates in the following cases:

  • The certificate is compromised because of a security incident or because it was somehow exposed. For example, you should use this option in the following cases:
    • A computer where the certificate was installed was lost or stolen.
    • Smartcard lost or stolen.
  • The certificate is superseded, i.e. you have a new certificate and you want to make the previous certificate invalid.Please note, however, that:
    • It is not recommended to revoke an old certificate if you have a new one.
    • The existance of an old certificate is not a security risk.
    • All files and emails encrypted using this certificate will be unrecoverable.
    • This operation is not reversible, and no support can be provided to recover a revoked certificate.

Please do not revoke a certificate only to stop receiving expiration reminders.
Expiration reminders for a certificate can be turned off from the My User Certificates page.

How to revoke a certificate

To revoke a user certificate, proceed to the My User Certificates page.

To revoke a host certificate, proceed to the My Host Certificates page, and provide the name of the host for which you want to revoke a certificate.

Once you see the user or host certificates list:

  • Select the certificate you need to revoke.
  • Click on the "Revoke certificate..." link from the Certificate Tasks list, then follow the provided instructions.

Created: 3/10/2020
Last reviewed: 5/2/2022
Tools:
Send the page Send  |  Printable version Print