A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.

Certificate revocation is the process of terminating a certificate's usage before its validity period expires. A certificate can be revoked for any of the following reasons:


Unspecified - This reason indicates that the certificate is revoked for an unknown reason. 

Affiliation Changed - This reason indicates that the subject's name or other information has changed.

Superseded - This reason indicates that the certificate has been superseded: a new certificate is replacing an existing certificate.

Cease of Operation - A server or a computer is decommissioned, and all the certificates issued to the server are no longer required. 

Privilege Withdrawn - This reason indicates that the privileges granted to the subject of the certificate have been withdrawn.

AA Compromise - This reason indicates that it is known or suspected that the certificate subject's private key has been compromised.

Key Compromise - This reason indicates that it is known or suspected that the certificate subject's private key has been compromised.

CA Compromise - This reason indicates that it is known or suspected that the certificate subject's private key has been compromised.

Certificate Hold - This reason indicates that the certificate has been put on hold (revoked temporarily). One of the following hold instructions should be provided:

  • id-holdinstruction-none
  • id-holdinstruction-callissuer
  • id-holdinstruction-reject


An Administrator can approve a user's revocation.


  1. Click "Certificate Requests"; the menu will toggle down.
  2. Click "Revocation Requests", then button, and "View Request" as displayed in the screenshot below:



The request will appear on the screen, where you will scroll through four steps (SDNs, Certificate Validity, Vetting Form and Message). Click "Approve" and you will see a similar screen for approval. Once you click "Ok", a toaster message will be displayed: "Certificate revoke certificate reviewed".




Certificate Suspension (Dual Control)


Certificate suspension is an action that makes a certificate temporarily invalid.


Note: 

  • Certificate suspension is a temporary status. Upon certificate suspension, no action will be taken for certificates existing in SigningHub or CSP.
  • If a certificate is provisioned in SigningHub, it will not be de-provisioned in case of suspension. A user will have to delete the certificate manually from SigningHub. 
  • However, a suspended certificate can be permanently revoked or reinstated. Once a suspended certificate is permanently revoked, it will be deleted from the CSP Service and SigningHub.


  1. Click "Dual Control" (this functionality only works when it is allowed in the Dual Control section), then click "Requests".
  2. Once you click the button, click "View Request" (of an approved certificate). This certificate's status will appear as "Reviewed". 



The request will appear on the screen, where you will scroll through four steps (SDNs, Certificate Validity, Vetting Form and Message). Click "Approve" and you will see a similar screen for approval. Once you click "Ok", a toaster message will be displayed: "Certificate #" Certificate revoked.


 


The status of the certificate will be "Suspended" and can be viewed in the Certificates listing (Admin > Certificates).



Reinstate Certificate 


A revoked certificate can be activated by using the Reinstate option. 

Once a user has requested to reinstate a certificate via the Web Portal, the request will appear in the Revocation Requests listing.


Click "Requests" in the admin portal; a submenu will toggle down. Then click "Revocation Requests".



Click and then click on View Request. 




Click button and then "More Actions" against the suspended certificate that you want to reinstate.



A "Certificate Action" screen will be displayed. Select "Reinstate" from the action drop down, check the confirmation message and then click "Reinstate".