Revoking a CA certificate in SSL
If a certificate authority (CA) certificate is compromised and the servers cannot trust it anymore that CA certificate can be revoked. To revoke a CA certificate, you perform the following task. You use the admin console to replace or revoke a CA certificate.
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click a <keystore name> to which you want to add the new CA certificate.
- Under Additional Properties, click Personal certificates to list the personal certificates.
- Select a certificate to revoke (a CA certificate)
- Click the Revoke button.
- Fill in the following information to the CA certificate section.
- Revocation password
- Revocation reason
- Click Apply then OK.
ResultsThe certificate is revoked in the key store selected in the path. If the certificate selected was not a CA certificate, then an error is returned.
Create an SSL configuration