WAS v8.5 > Secure applications > Secure communications > Create an SSL configurationRevoking a CA certificate in SSL
If a certificate authority (CA) certificate is compromised and the servers cannot trust it anymore that CA certificate can be revoked. To revoke a CA certificate, you perform the following task.
Use dmgr console to replace or revoke a CA certificate.
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click a <keystore name> to which to add the new CA certificate.
- Under Additional Properties, click Personal certificates to list the personal certificates.
- Select a certificate to revoke (a CA certificate)
- Click the Revoke button.
- Fill in the following information to the CA certificate section.
- Revocation password
- Revocation reason
- Click Apply then OK.
Results
The certificate is revoked in the key store selected in the path. If the certificate selected was not a CA certificate, then an error is returned.
Related
Create an SSL configuration
Reference:
PersonalCertificateCommands command group for AdminTask