Can I Discontinue a Private CA After It Issues A Private Certificate?

You can use either of the following methods to disable some functions of a private CA or discontinue a private CA:

• If you do not need to use a private CA to issue certificates but need to use it to revoke certificates or sign CRLs, you can disable the private CA. After a private CA is disabled, using of all certificates subordinated to the CA is not affected. For details, see Disabling a Private CA.
  

  Disabled private CAs will also be billed.

• If you no longer need a private CA, delete it. When a private CA is deleted, the billing stops. The exported certificates (not revoked) can still be used. However, all certificates subordinated to the private CA cannot be revoked, and the CRL cannot be updated. All private certificates issued by the private CA or its subordinate CAs cannot be exported. For details, see Deleting a Private CA.