Document toolboxDocument toolbox

Requirements to revoke certificates issued by ACME account

This article is valid for Certificate Manager 8.1 and later.

Certificates that have been issued by an authorized ACME account can be revoked via the ACME protocol, as long as these requirements apply: 

  • Valid certificate
    The certificate to be revoked must be valid. Protocol Gateway does not allow revocation of expired or already revoked certificates.

  • Allowed reason codes
    The following reason codes are allowed:

    • Unspecified (0)

    • KeyCompromise (1)

    • AffiliationChanged (3)

    • Superseded (4)

    • CessationOfOperation (5)

  • Requested by an account
    The revocation of a certificate can be requested by an authorized ACME account. These accounts are considered authorized for a certificate:

    • the account that issued the certificate

    • an account that holds authorizations for all of the domain names in the certificate

  • Requested by the certificate's private key
    The revocation of a certificate can be requested by signing the request with the private key corresponding to the public key in the certificate to revoke. This proves that the requester holds the private key and thus is considered the owner of the certificate.



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions