Skip to main content
Skip table of contents

Revoke SA in Certificate Manager

This article is added for CM 8.10. 

This article describes how to revoke a Signing Authority (SA) in Smart ID Certificate Manager (CM).

This task is done in Administrator's workbench (AWB).

An SA with an external issuer can be set as revoked with the Externally Revoked Authority command from the Tools menu. This will only change the state of the SA in the database. However, an SA must be set as revoked to be able to remove its key.


The SA tasks require a specific license option.

The following task requires MSO signatures to be completed.

Both officers must have the following roles:

  • Use AWB

  • Signing Authority and SA Key tasks

A connection to the CM host must have been established. See Connect to a Certificate Manager host.

Revoke SA

  1. In AWB, select the CA/SA to be revoked by highlighting it.

  2. Select Tools > Revoke Authority and select the revocation reason from the sub-menu.

  3. In the Signature dialog box, enter the PIN code. See Sign tasks in Certificate Manager for more information.

Revocation reasons

The available revocation reasons depends on the type of CA/SA and the current state of the CA/SA. The following table shows the available reasons and how a reason can be changed.

Current CA state and type

New state or reasons

Active CA

All reasons except On Hold

Active CA with external key

All reasons including On Hold

On Hold CA with external key

Reinstate or all reasons except On Hold

Revoked CA, Affiliation Changed, Superseded or Cessation of Operation

Key-, CA- or AA Compromise

Revoked CA, CA- or AA Compromise

Key Compromise

Revoked CA, Key Compromise


The On Hold reason can only be set on a CA with external key.

Not all reason codes are available for Signing Authorities, for example, CaCompromise and AACompromise.

Additional information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.