All Products
Search
Document Center

:Revoke a private CA or a compliant CA

Last Updated:Jul 11, 2024

If you no longer require a root certificate authority (CA) or an intermediate CA that is enabled before the CA expires, you can revoke the CA in the Certificate Management Service console. This topic describes how to revoke a root CA or an intermediate CA.

Prerequisites

  • No issued certificates exist in the certificate list of the root CA or the intermediate CA.

    If one or more issued certificates exist in the certificate list of the root CA or the intermediate CA that you want to revoke, you must revoke the issued certificates before you revoke the CA. For more information, see Revoke a private certificate.

  • The root CA or the intermediate CA is enabled.

    Warning

    You cannot claim a refund for a root CA or an intermediate CA that is revoked. After an intermediate CA is revoked, you cannot apply for private certificates from the intermediate CA, and the intermediate CA cannot issue private certificates.

Procedure

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Manage Certificates > PCA Certificate Management.

  3. On the Private CAs tab, find the private CA that you want to revoke and click Revoke in the Actions column. The private CA must be in the Enabled state.

    Both root CAs and intermediate CAs can be revoked. Before you revoke a root CA, we recommend that you revoke the intermediate CAs of the root CA.

  4. In the Confirmation message, click Revoke.

    After you confirm the operation, the root CA or the intermediate CA is immediately revoked. The Status of the root CA or the intermediate CA changes to Revoke. Then, you can delete the root CA or intermediate CA from the CA list.