Oracle Cloud Infrastructure Documentation

Revoking a Certificate Version

Revoke a certificate version to stop its use before its scheduled expiration.

A certificate authority (CA) revokes a certificate version when the certificate version becomes invalid before the end of its validity period. A certificate version might become invalid if the name of its owner changes, if the relationship or association between a certificate subject and the issuing CA changes, or if the private key of the certificate is compromised or suspected to be compromised. Revocations are immediate and you can't reverse them.

Note

The Certificates service supports the revocation only of resources issued by an internal certificate. You can't use the service to revoke an externally managed or imported certificate. You also can't revoke a certificate version for a root certificate authority.
    1. On the Certificates list page, select the certificate that you want to work with. If you need help finding the list page or the certificate, see Listing Certificates.
      The certificate's details page opens.
    2. On the certificate's details page, select Versions.
      The Versions list opens.
    3. Find the certificate version that you want to revoke.
    4. From the Actions menu for the certificate version, select Revoke version.
      The Revoke version panel opens.
    5. Select Revocation reason, and then select the reason that you're revoking the certificate version from the list.
    6. Enter the certificate version number in the box to confirm the revocation.
    7. Select Revoke version.

  • Use the oci certs-mgmt certificate-version revoke command and required parameters to revoke a certificate version:

    oci certs-mgmt certificate-version revoke --certificate-id <certificate_OCID> --version-number <certificate_version_number> [OPTIONS]

    For example:

    oci certs-mgmt certificate-version revoke --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --version-number 2

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the RevokeCertificateVersion operation to revoke a certificate version.