Certificate Revocation

This section takes you through the process of revoking a certificate.

Demonstrate the process of revoking a certificate from the end-entity interface and from the agent interface.

CMS4 Help on User Enrollment

Overview

Certificate Management System allows a certificate to be revoked by an end entity (the original owner of the certificate) or by a Certificate Manager or Registration Manager agent.


Figure 6.12

End Entity Revocation Procedure

Connect to the end-entity interface as described in previous modules. Remember to use https when entering the end-entity interface URL.

You may be presented with a "New Site Certificate". If so, step through the dialogue and accept the certificate.

Click the Revocation tab on the top of the form. You are taken to the User Certificate Revocation form. Note the warning regarding the irreversible nature of any certificate revocation.

Select one of the "Revocation Reasons" and click the Submit button.

You are presented with the Select A Certificate dialogue box. Using the drop-down menu, choose one of the certificates and click Continue.

You may be asked to provide a password for the certificate database.

With the successful revocation of the selected certificate, you are presented with the message:

Revocation Success

The following certificate has been revoked:

Serial number

XXX


Agent Revocation Procedure

Connect to the agent interface as described in previous modules.

To revoke one or more certificates, you must first search for them using the Revoke Certificates button. The Search Results form returned by this search gives you the option of revoking one or all of the found certificates.

Searching for Certificates to Revoke

From the Certificate Manager Agent Services page, click Revoke Certificates.

In the Search for Certificates form, specify the search criteria by selecting the checkboxes for the sections you want to use, then filling in the required information.

Scroll to the bottom of the form and select a number of matching certificates to display.

Click Find.

The search returns a list of matching certificates. You can revoke one or all of the certificates in the list.


Revoking One Certificate

After a revocation search (see the previous topic), find the certificate you want to revoke on the Search Results form.

If the certificate you want is not shown, scroll to the bottom of the list, specify an additional number to search for, and click Find. The next set of matching certificates is displayed.

Click the Revoke button next to the certificate that you want to revoke.

Confirm the revocation in the resulting form (see below).


Revoking Multiple Certificates

From the Search Results page, scroll to the bottom to reach the Revoke All n Certificates button. The number shown in the button is the total number of certificates returned by the search.

Note that this is usually a larger number than the number of certificates displayed on the current page.

Verify that all of the certificates returned by the search should be revoked (not just the ones displayed on the current page).

Click Revoke All n Certificates at the bottom of the form.

Confirm the revocation in the resulting form (see below).


Confirming a Revocation

The Certificate Revocation Confirmation form appears. To confirm the revocation:
  • Inspect the details of the certificate and verify that it is the one you want to revoke. If you are revoking more than one certificate, the form shows details of all the listed certificates.

  • Select a reason for the revocation. The reason applies to all the listed certificates.

    Optionally, enter any additional comment. The comment will be included in the revocation request.

  • Click Submit.

The revocation request is submitted; it is automatically approved, and the certificate is revoked.


Copyright © 1999 Sun-Netscape Alliance.
All Rights Reserved.