How-To: Revoke an X509 SSL Certificate

This guide provides step-by-step instructions on how to revoke an SSL certificate in EZCA, which adds it to the Certificate Revocation List (CRL) to ensure it is no longer trusted.

How to Revoke an SSL Certificate

To revoke a certificate in EZCA, follow these steps:

  1. Log in to the EZCA portal at https://portal.ezca.io.

  2. Navigate to the Certificates section:

    [Screenshot: Certificates management page within the EZCA portal]

  3. In the list of certificates, locate the certificate you wish to revoke.

  4. Click on the Revoke button next to the certificate.

    [Screenshot: Revoke button for a certificate in EZCA]

  5. Confirm the revocation action when prompted by pressing Revoke.

    [Screenshot: Confirm revocation of a certificate in EZCA]

Notes on Certificate Revocation

Can I Unrevoke a Certificate?

No, once a certificate is revoked, it cannot be unrevoked. Revocation is a permanent action that invalidates the certificate indefinitely. If you need to replace a revoked certificate, you will need to issue a new certificate.

Why is My Certificate Still Working Even After Revocation?

When you revoke a certificate, it is added to the Certificate Revocation List (CRL). However, each CA has a defined CRL publication interval, which determines how often the CRL is updated and distributed. Until the next CRL update occurs, systems relying on the certificate may still consider it valid. Depending on your CA’s configuration, this interval can range from minutes to hours or even days. Refer to your CA’s details in EZCA to check the CRL publication interval.

If you are leveraging OCSP (Online Certificate Status Protocol), revocation status can be checked in real-time, allowing for immediate recognition of revoked certificates. However, not all applications and systems support OCSP for revocation checking.

Can I Change My CRL Publication Interval to Speed Up Revocation Checking?

While you can change the CRL publication interval for future updates, it will not affect the current revocation status of already revoked certificates. The existing certificate and downstream systems will still rely on the previously set interval until the next scheduled update.
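
The timing described in the two answers above, worked through as a small model. This is an added example, not EZCA code; the CRL-only client that refreshes at nextUpdate, the serial number and the timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Crl:
    this_update: datetime      # when the CA issued this CRL
    next_update: datetime      # until when clients may keep using it
    revoked: frozenset         # serial numbers listed as revoked


def publish(at, interval, revocations):
    """CRL issued at `at`: lists every serial revoked at or before that time."""
    listed = frozenset(s for s, when in revocations.items() if when <= at)
    return Crl(at, at + interval, listed)


def first_rejection(cached, serial, revocations, interval):
    """Time a CRL-only client holding `cached` first sees `serial` as revoked.

    Assumption: the client re-downloads only once its cached CRL reaches
    nextUpdate, and the CA issues each new CRL with the current `interval`.
    """
    if serial not in revocations:
        raise KeyError(f"serial {serial:#x} was never revoked")
    crl = cached
    while serial not in crl.revoked:
        crl = publish(crl.next_update, interval, revocations)
    return crl.this_update


def exposure(cached, serial, revocations, interval):
    """How long the revoked certificate keeps passing CRL checks."""
    return first_rejection(cached, serial, revocations, interval) - revocations[serial]


# Constructed scenario: 24-hour interval, certificate revoked one hour after
# the CRL that clients currently have cached was issued.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SERIAL = 0x1F3A                                   # constructed serial number
REVOCATIONS = {SERIAL: T0 + timedelta(hours=1)}
CACHED = publish(T0, timedelta(hours=24), {})     # issued before the revocation

if __name__ == "__main__":
    # Interval left at 24 h: the client notices at the next scheduled CRL.
    print(exposure(CACHED, SERIAL, REVOCATIONS, timedelta(hours=24)))
    # Interval lowered to 1 h after revoking: the cached CRL's nextUpdate
    # is unchanged, so the exposure window is the same.
    print(exposure(CACHED, SERIAL, REVOCATIONS, timedelta(hours=1)))
```

Both calls report the same window because the client's cached CRL still carries the nextUpdate set under the old interval.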

How Do I Revoke Other Types of Certificates?

Refer to this guide for information on how to revoke other types of certificates, including SCEP certificates.