+

Search Tips   |   Advanced Search

Revoking a CA certificate in SSL

If a certificate authority (CA) certificate is compromised and the servers cannot trust it anymore that CA certificate can be revoked. To revoke a CA certificate, we perform the following task.

We use the administrative console to replace or revoke a CA certificate.


Tasks

  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click a <keystore name> to which we want to add the new CA certificate.

  4. Under Additional Properties, click Personal certificates to list the personal certificates.

  5. Select a certificate to revoke (a CA certificate)

  6. Click the Revoke button.
  7. Fill in the following information to the CA certificate section.

    • Revocation password
    • Revocation reason

  8. Click Apply then OK.

The certificate is revoked in the key store selected in the path. If the certificate selected was not a CA certificate, then an error is returned.


What to do next

  • Create a Secure Sockets Layer configuration
  • PersonalCertificateCommands