If you no longer need an enabled root CA or intermediate CA before it expires, you can revoke it in the Certificate Management Service console. This topic describes how to revoke a root CA or an intermediate CA.
Prerequisites
The root CA or intermediate CA has not issued any certificates.
If the root CA or intermediate CA that you want to revoke has issued certificates, you must revoke the issued certificates before you revoke the CA. For more information, see Revoke a private certificate.
The root CA or intermediate CA is enabled.
WarningRevoking a root CA or an intermediate CA is non-refundable. After you revoke the CA, you can no longer use it to request or issue private certificates.
Procedure
Log in to the Certificate Management Service console.
In the navigation pane on the left, choose . On the PCA Certificate Management page, select the region where the PCA service is located.
On the Private CAs tab, find the CA that is in the Enabled state and click Revoke in the Actions column.
You can revoke both root CAs and intermediate CAs. You must revoke the intermediate CA before you revoke the root CA.
In the Confirmation dialog box, click Revoke.
The root CA or intermediate CA is immediately revoked. Its Status changes to Revoke. You can then click Delete to remove the root CA or intermediate CA from the list.