Revoke certificate in Certificate Manager
This article describes how to revoke a certificate that is produced by Smart ID Certificate Manager (CM). The certificate can be a public key certificate (PKC) or an attribute certificate (AC). This task is done in the Certificate Controller (CC) in Certificate Manager (CM).
The article explains the handling of PKCs but it applies to ACs as well, with the only difference that the role 'Revoke attribute certificate' corresponds to the role 'Revoke certificate' and the role 'Revoke attribute certificate with password' corresponds to the role 'Revoke certificate with password'.
Use revocation roles to obtain different levels of security when performing revocation tasks. This table shows the security levels:
Security level | Roles | Type of revocation |
---|---|---|
High | Revoke certificate with password | Password required |
Medium | Revoke certificate with password and | Manual verification or password required |
Low | Revoke certificate | Unconditional |
Although putting a certificate on hold is similar to a revocation, it is described separately in Put certificate on hold in Certificate Manager.
Prerequisites
This task requires that:
The Certificate Controller (CC) is running.
The officer has the following role:
Revoke certificate OR
Revoke certificate with password
Enough information is known to identify the certificate in the database.
A search for the certificate(s) has been made as described in Search for certificates in Certificate Manager and the user certificate(s) to be revoked are all present in the result pane.
Revoke certificate
In the CC application window, open the Action drop-down list and select a reason.
Select one or more certificates in the upper half of the result pane. (Press the Ctrl key on the keyboard to make multiple selections.) If you want to revoke several certificates in the same request, they will all be given the same reason code.
Click Add to move the certificate(s) to the lower half of the result pane.
Click Submit.
If you have the role 'Revoke certificate with password', the dialog box Enter Revocation Password will appear. Enter the password and click OK.
If you have the roles 'Revoke certificate' and 'Revoke certificate with password', the dialog box Verify Revocation will appear.
You can revoke the certificate with password or without the password, provided that the certificate owner can present other data, only known by that certificate owner, and that these data can be verified by you (the officer).
Check Verification made and click OK.
Enter your PIN code in Signature PIN.
Click OK.