Versions Compared

Old Version 3

changes.mady.by.user Ann Base (Deactivated)

Saved on

compared with

New Version 4

changes.mady.by.user Josefin Klang (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article describes how to revoke a Certificate Authority (CA) in Smart ID Certificate Manager (CM).

This task is done in Administrator's workbench (AWB)

...

.

Note

A CA with an external issuer can be set as revoked with the Externally Revoked CA command from the Tools menu. This will only change the state of the CA in the database, the actual CRL is issued by the external issuer. However, a CA must be set as revoked to be able to remove its key.

Prerequisites

Expand
titlePrerequisites

The following prerequisites apply:

  • Two administration officers must sign the request.
  • Both officers must have the following roles:
    • Use AWB
    • CA and Key tasks

A connection to the CM host must have been established. See Connect to a Certificate Manager host.

Step-by-step instruction

Expand
titleRevoke CA
  1. In AWB, select the CA to be revoked by highlighting it.
  2. Select Tools > Revoke CA and select the revocation reason from the sub-menu.
  3. In the Signature dialog box, enter the PIN code. See Sign tasks in Certificate Manager for more information.

Revocation reasons

The available revocation reasons depends on the type of CA and the current state of the CA. The following table shows the available reasons and how a reason can be changed.

Current CA state and typeNew state or reasons
Active CAAll reasons except On Hold
Active CA with external keyAll reasons including On Hold
On Hold CA with external keyReinstate or all reasons except On Hold
Revoked CA, Affiliation Changed, Superseded or Cessation of OperationKey-, CA- or AA Compromise
Revoked CA, CA- or AA CompromiseKey Compromise
Revoked CA, Key CompromiseNone

The On Hold reason can only be set on a CA with external key.

Related information