+

Search Tips   |   Advanced Search

Revoking a CA certificate in SSL

If a certificate authority (CA) certificate is compromised and the servers cannot trust it anymore that CA certificate can be revoked. To revoke a CA certificate, you perform the following task.

Use console to replace or revoke a CA certificate.

  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click a <keystore name> to which to add the new CA certificate.

  4. Under Additional Properties, click Personal certificates to list the personal certificates.

  5. Select a certificate to revoke (a CA certificate)

  6. Click the Revoke button.

  7. Fill in the following information to the CA certificate section.

    • Revocation password

    • Revocation reason

  8. Click Apply then OK.


Results

The certificate is revoked in the key store selected in the path. If the certificate selected was not a CA certificate, then an error is returned.


What to do next


Related tasks

  • Create a Secure Sockets Layer configuration

  • PersonalCertificateCommands (AdminTask)