Revoking an authority, sub-authority or certificate

The Revoke button makes it possible to delete the PKI on authorities and sub-authorities, or add certificates to the CRL of an authority to indicate that such certificates are no longer trusted.

Only the authority set as the default authority on the firewall cannot be revoked.

When a root authority is revoked, its CRL will also removed from the firewall.

When a parent authority or sub-authority is revoked, all these certificates will be revoked and removed during the same operation.

Revoking an authority

  1. Select the authority to be revoked from the list on the left.
  2. Click on Revoke.
  3. Enter the CA passphrase of the authority or sub-authority.
  4. You can select a Reason for the revocation in the drop-down list.
    This reason will be shown in the CRL of the parent authority of the revoked entity.
  5. Select the Format of the CRL export file:
    • Base64 format (PEM),
    • Binary format (DER).
  1. Click on Apply.
  2. Click on the link that appears to download and save the CRL on your workstation.

Revoking a sub-authority or certificate

  1. Select the sub-authority to be revoked from the list on the left.
  2. Click on Revoke.
  3. Enter the CA passphrase (password of the sub-authority).
  4. Enter the Root CA passphrase of the parent sub-authority.
  5. You can select a Reason for the revocation in the drop-down list.
    This reason will be shown in the CRL of the parent authority of the revoked sub-authority.
  6. Select the File format of the CRL export:
    • Base64 format (PEM),
    • Binary format (DER).
  1. Click on Apply.
  2. Click on the link that appears to download and save the CRL of the sub-authority on your workstation.

Revoking a certificate

  1. Select the certificate to be revoked from the list on the left.
  2. Click on Revoke.
  3. Enter the CA passphrase (password of the authority that issued the certificate).
  4. You can select a Reason for the revocation in the drop-down list.
    This reason will be shown in the CRL of the parent authority of the revoked sub-authority.
  5. Select the checkbox Export CRL after revocation if you wish to keep a copy of the CRL.
  6. In this case, select the File format of the CRL export:
    • Base64 format (PEM),
    • Binary format (DER).
  1. Click on Apply.
  2. If you have chosen to export the CRL, a window will open with a link to download the CRL export file.