Revoking Certificates

The Windows 2000 Certificate Services certificate database records information for each certificate the CA issues. You can use the Certification Authority console to revoke issued certificates. For example, you might revoke the certificates issued for employees who are terminated or who have transferred to another unit. You also might revoke certificates when you suspect or discover that private keys have been compromised or misused. Until they expire, revoked certificates are published in the certificate revocation list.

When a certificate has been revoked, it is invalid and cannot be made valid again. If you revoke a certificate by mistake, you can issue a new valid certificate to take the place of the revoked one.

To use the Certification Authority console to revoke a certificate, select the Issued Certificates container for the CA and click the certificate in the details pane of the console. Then click Action, All Tasks, and Revoke Certificate. When the Certificate Revocation dialog box appears, select a reason code from the list in the Select a reason code box, and then click Yes to revoke the certificate. Reason codes include: Unspecified, Key Compromise, CA Compromise, Change of Affiliation, Superseded, Cease of Operation, and Certificate Hold. Revoked certificates are moved to the Revoked Certificates container of the CA.
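The following is an added example, not part of the Windows 2000 documentation: it shows what the reason code selected in the console becomes once the revocation is published, by building a small CRL with one revoked serial and checking a serial against it the way a relying party would. It uses the third-party `cryptography` package; the CA name, the serial numbers and the timestamps are constructed values.

```python
# Added example (not Certificate Services code): map the console's reason codes to the
# RFC 5280 CRLReason values, publish a CRL carrying them, and check a serial against it.
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Reason codes offered by the Certificate Revocation dialog box, in RFC 5280 terms.
REASON_CODES = {
    "Unspecified": x509.ReasonFlags.unspecified,
    "Key Compromise": x509.ReasonFlags.key_compromise,
    "CA Compromise": x509.ReasonFlags.ca_compromise,
    "Change of Affiliation": x509.ReasonFlags.affiliation_changed,
    "Superseded": x509.ReasonFlags.superseded,
    "Cease of Operation": x509.ReasonFlags.cessation_of_operation,
    "Certificate Hold": x509.ReasonFlags.certificate_hold,
}

def build_crl(ca_key, ca_name, revoked, now):
    """revoked: list of (serial, reason_name, revocation_time). Returns a signed CRL."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_name)
               .last_update(now)
               .next_update(now + datetime.timedelta(days=7)))
    for serial, reason_name, when in revoked:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial)
                 .revocation_date(when)
                 .add_extension(x509.CRLReason(REASON_CODES[reason_name]), critical=False)
                 .build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(private_key=ca_key, algorithm=hashes.SHA256())

def revocation_status(crl_der, ca_public_key, serial):
    """Return the console reason name if `serial` is on the CRL, else None.
    A CRL whose signature does not verify against the CA key is rejected outright."""
    crl = x509.load_der_x509_crl(crl_der)
    if not crl.is_signature_valid(ca_public_key):
        raise ValueError("CRL signature invalid; do not trust its contents")
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    if entry is None:
        return None
    reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
    return next(name for name, flag in REASON_CODES.items() if flag == reason)

def demo():
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # constructed CA
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Issuing CA")])
    now = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)  # constructed time
    crl = build_crl(ca_key, ca_name, [(1001, "Key Compromise", now)], now)  # serial 1001 revoked
    der = crl.public_bytes(serialization.Encoding.DER)
    pub = ca_key.public_key()
    return revocation_status(der, pub, 1001), revocation_status(der, pub, 1002)
```

`demo()` returns `("Key Compromise", None)`: serial 1001 is reported with the reason chosen at revocation time, while serial 1002, which was never revoked, is not on the list.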