Revoking a CA certificate in SSL

If a certificate authority (CA) certificate is compromised and the servers cannot trust it anymore that CA certificate can be revoked. To revoke a CA certificate, you perform the following task. You use the admin console to replace or revoke a CA certificate.


  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click a <keystore name> to which you want to add the new CA certificate.

  4. Under Additional Properties, click Personal certificates to list the personal certificates.

  5. Select a certificate to revoke (a CA certificate)

  6. Click the Revoke button.

  7. Fill in the following information to the CA certificate section.

    • Revocation password

    • Revocation reason

  8. Click Apply then OK.



The certificate is revoked in the key store selected in the path. If the certificate selected was not a CA certificate, then an error is returned.


Next steps


Related tasks

Create an SSL configuration