Deleting a root authority, sub-authority or certificate

The Delete button makes it possible to delete the PKI on authorities and sub-authorities, or add certificates to the CRL of an authority to indicate that such certificates are no longer trusted.

Only the authority set as the default authority on the firewall cannot be revoked.

When a root authority is revoked, its CRL will also removed from the firewall.

When a parent authority or sub-authority is revoked, all these certificates will be revoked and removed during the same operation.

Deleting a root authority

Select the authority to be deleted from the list on the left.
Click on the button Delete.
Select the file format of the CRL export:
- Base64 format (PEM),
- Binary format (DER).
Enter the CA password.

Click on Revoke CA.
Click on the link that appears to download and save the CRL on your workstation.

Deleting a sub-authority

Select the sub-authority to be deleted from the list on the left.
Click on the button Delete.
Select the file format of the CRL export:
- Base64 format (PEM),
- Binary format (DER).
Enter the CA password (password of the sub-authority).
Enter the Password of the parent CA of the parent sub-authority.
Click on Revoke CA.
Click on the link displayed to download and save the CRL of the sub-authority on your workstation.

Deleting a certificate

Select the certificate to be deleted from the list on the left.
Click on the button Delete.
Select the checkbox Create CRL after revocation if you wish to keep a copy of the CRL.
In this case, select the file format of the CRL export:
- Base64 format (PEM),
- Binary format (DER).
Enter the CA password (password of the issuing authority).

Click on Revoke certificate.
If you have chosen to export the CRL, you will be asked to enter the password of the issuing authority in a separate window. Enter it, then click on Create or renew a CRL.
In this case, a window will open with a link to download the CRL export file.