Revoking a Certificate Authority Version
Revoke a certificate authority (CA) version when its certificate becomes invalid before the end of its validity period.
The Certificates service supports the revocation only of resources issued by an internal CA. You can't use the service to revoke an externally managed or imported certificate. You also can't revoke a CA version for a root CA.
The certificate for a CA version might become invalid if the name of its owner changes, if the relationship or association between a certificate subject and the issuing CA changes, or if the private key of the certificate is compromised or suspected to be compromised. Revocations are immediate and you cannot reverse them.