Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

This article is valid for Certificate Manager 8.1 and later.

Certificates that have been issued by an authorized ACME account can be revoked via the ACME protocol, as long as these requirements apply: 

  • Valid certificate
    The certificate to be revoked must be valid. Protocol Gateway does not allow revocation of expired or already 
    revoked certificates.
  • Allowed reason codes
    The following reason codes are allowed:

    • Unspecified (0)

    • KeyCompromise (1)

    • AffiliationChanged (3)

    • Superseded (4)

    • CessationOfOperation (5)

  • Requested by an account
    The revocation of a certificate can be requested by an authorized ACME account. These
    accounts are considered authorized for a certificate:

    • the account that issued the certificate

    • an account that holds authorizations for all of the domain names in the certificate

  • Requested by the certificate's private key
    The revocation of a certificate can be requested by signing the request with the private key 
    corresponding to the public key in the certificate to revoke. This proves that the requester holds the private key and thus is considered the owner of the certificate.