Revoking a Certificate Authority Version

Revoke a certificate authority (CA) version when its certificate becomes invalid before the end of its validity period.


The Certificates service supports the revocation only of resources issued by an internal CA. You can't use the service to revoke an externally managed or imported certificate. You also can't revoke a CA version for a root CA.

The certificate for a CA version might become invalid if the name of its owner changes, if the relationship or association between a certificate subject and the issuing CA changes, or if the private key of the certificate is compromised or suspected to be compromised. Revocations are immediate and you cannot reverse them.

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificate Authorities.
    3. From the list of CAs in the compartment, click the name of the CA with the CA version that you want to revoke.

      To find a CA in a different compartment, under List scope, choose a different compartment.

    4. Under Resources, click Versions.
    5. Under Versions, find the CA version that you want to revoke.
    6. Click the Actions menu (Actions Menu) for the CA version, and select Revoke Version.
    7. Under Revocation Reason, choose the reason that you're revoking the certificate version from the list.
    8. To confirm the revocation, enter the CA version number in the text box.
    9. Click Revoke Version.
  • Use the oci certs-mgmts certificate-authority-version revoke command and required parameters to revoke a CA version:

    oci certs-mgmt certificate-authority-version revoke --certificate-authority-id <CA_OCID> --version-number <CA_version_number>

    For example:

    oci certs-mgmt certificate-authority-version revoke --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --version-number 3

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the RevokeCertificateAuthorityVersion operation to revoke a CA version.