Versions Compared

Old Version 5

changes.mady.by.user Ylva Andersson

Saved on

compared with

New Version 6

changes.mady.by.user Ylva Andersson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: CM 8.10: Updates throughout the article.

...

This article describes how to publish revoke a Certificate Authority (CA) in Smart ID Certificate Manager (CM). It may be a requirement that end-user certificates are not published in any directory until the issuing authority receives signed confirmation, from the end-user, that the certificate is in the user's possession. This

This task is done in Administrator's workbench (AWB).

A CA with an external issuer can be set as revoked with the Externally Revoked Authority command from the Tools menu. This will only change the state of the CA in the database, the actual CRL is issued by the external issuer. However, a CA must be set as revoked to be able to remove its key.

Prerequisites

The CA certificate must have been issued.

Step-by-step instruction

...

following prerequisites apply:

  • Two administration officers must sign the request.

  • Both officers must have the following roles:

    • Use AWB

    • CA and Key tasks

  • A connection to the CM host must have been established. See Connect to a Certificate Manager host.

Revoke CA

Excerpt
namePublish Revoke CA/SA

  1. In AWB, select the CA/SA certificate in the Authority Hierarchy in the explorer barto be revoked by highlighting it.

  2. Select Tools > Publish Authority and select the publication procedure you want to useRevoke Authority and select the revocation reason from the sub-menu.

  3. In the Signature dialog box, enter the PIN code.

Signing completes the task and returns you to the AWB window

  1. . See Sign tasks in Certificate Manager for more information.

Revocation reasons

The available revocation reasons depends on the type of CA/SA and the current state of the CA/SA. The following table shows the available reasons and how a reason can be changed.

Current CA state and type

New state or reasons

Active CA

All reasons except On Hold

Active CA with external key

All reasons including On Hold

On Hold CA with external key

Reinstate or all reasons except On Hold

Revoked CA, Affiliation Changed, Superseded or Cessation of Operation

Key-, CA- or AA Compromise

Revoked CA, CA- or AA Compromise

Key Compromise

Revoked CA, Key Compromise

None

The On Hold reason can only be set on a CA with external key.

Not all reason codes are available for Signing Authorities, for example CaCompromise and AACompromise.

Related information