If a certificate authority (CA) certificate is compromised
and the servers cannot trust it anymore that CA certificate can be
revoked. To revoke a CA certificate, you perform the following task.
Before you begin
You use the administrative console to replace or revoke a
CA certificate.
Procedure
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click a <keystore name> to which you want
to add the new CA certificate.
- Under Additional Properties, click Personal certificates to
list the personal certificates.
- Select a certificate to revoke (a CA certificate)
- Click the Revoke button.
- Fill in the following information to the CA certificate
section.
- Revocation password
- Revocation reason
- Click Apply then OK.
Results
The certificate is revoked in the key store selected in the
path. If the certificate selected was not a CA certificate, then an
error is returned.