Updated on 2024-12-13 GMT+08:00

Revoking an SSL Certificate

You can revoke a certificate that has been issued by a CA. A revoked certificate is no longer trusted and can no longer be used for certificate-based encryption.

If you no longer need an issued SSL certificate for security reasons or other reasons, for example, the certificate key is lost, you can revoke the certificate on the SCM console.

After a certificate is revoked, all its records, including CA records, will be cleared and cannot be restored. Therefore, exercise caution when revoking a certificate.

After a certificate is revoked, it cannot be reissued. However, if certain conditions are met, you can apply for a new certificate.

Prerequisites

The certificate is in the Issued state.

Constraints

  • Only issued certificates can be revoked.
  • An uploaded certificate cannot be revoked.
  • A certificate in the renewal period cannot be revoked. So, a certificate cannot be revoked within one month before it expires.
  • After a certificate revocation application is submitted, it cannot be canceled. Certificate revocation does not affect the purchase of new certificates.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  4. In the row containing the certificate you wish to revoke, in the Operation column, click Revoke or More > Revoke, as shown in Figure 1.

    Figure 1 Revoke

  5. In the dialog box displayed, enter "REVOKE" and click Submit.

    If the Certificate revoked successfully message is displayed in the upper right corner, the certificate revocation application has been submitted, and the certificate will be revoked after the application is approved by the CA.

    After a certificate revocation application is submitted, it cannot be withdrawn. Exercise caution with a certificate revocation application.

    Figure 2 Revoke Certificate

  6. (Optional) To revoke an OV or EV certificate, confirm the revocation by email.

    After you submit a certificate revocation application, the CA will send a confirmation email to the email address you provide when you apply for the certificate. Check your email and confirm the certificate revocation in a timely manner.

    After you confirm the revocation by email, the OV and EV certificates will be revoked.