Revoking a Certificate Version

Revoke a certificate version to stop its use before its scheduled expiration.

A certificate authority (CA) revokes a certificate version when the certificate version becomes invalid before the end of its validity period. A certificate version might become invalid if the name of its owner changes, if the relationship or association between a certificate subject and the issuing CA changes, or if the private key of the certificate is compromised or suspected to be compromised. Revocations are immediate and you can't reverse them.

Note

The Certificates service supports the revocation only of resources issued by an internal CA. You can't use the service to revoke an externally managed or imported certificate. You also can't revoke a CA version for a root CA.
    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificates.
    3. From the list of certificates in the compartment, click the name of the certificate with the certificate version that you want to revoke.

      To find a certificate in a different compartment, under List scope, choose a different compartment.

    4. Under Versions, find the certificate version that you want to revoke.
    5. Click the Actions menu (Actions Menu) for the certificate version, and select Revoke Version.
    6. Click Revocation Reason, and then choose the reason that you're revoking the certificate version.
    7. To confirm the revocation, click the text box and enter the certificate version number.
    8. Click Revoke Version.
  • Use the oci certs-mgmt certificate-version revoke command and required parameters to revoke a certificate version:

    oci certs-mgmt certificate-version revoke --certificate-id <certificate_OCID> --version-number <certificate_version_number>

    For example:

    oci certs-mgmt certificate-version revoke --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --version-number 2

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the RevokeCertificateVersion operation to revoke a certificate version.