- Advisory services
- Consultations
- Network and technology policies
- Network and technology service docs
- Using Jisc community
- Network and technology service docs
- Domain name registration
- How to sign up
- Janet Support Manual
- Janet CSIRT
- Back-up services
- eduroam
- Backup Web Hosting
- Certificate Service
- Connection timeline
- Eligibility
- Janet 3G Buyer's Guide
- Janet 3G eduroam interoperablity authentication methods
- Janet Mail Services
- Janet Network Charges
- Janet Reach
- Janet Videoconferencing Feedback results
- Primary connections
- Supporting Business Continuity
- Business and Community Engagement (BCE) using Janet
- Cost
- Interconnect connections
- Connecting student accommodation
- Customer-owned routing equipment
- Obtaining a Janet IP Address Range
- Terms for the Provision of the Janet Service
- Upgrading your existing bandwidth and Janet router
- Fault reporting
- IP address assignment
- Janet Aurora
- Janet Netsight
- Janet txt
- Routers
- Network set-up
- Guest access
- Network time service
- Training
- Contact
- Primary Nameserver Service
- Secondary Nameserver Service
- Vscene
- Certificate Service
- JCS portal help pages
- Latest News
- Certificate types comparison table
- JCS Terms and Conditions
- JCS portal
- Joining the Jisc Certificate Service
- Sub-LRA Agreement
- Joining the Jisc Certificate Service (for Local Authorities and RBCs)
- Revoke a certificate
- How to obtain the Extended Validation (EV) SSL server certificate
- Obtaining a Server Certificate for a school
- JCS Help pages
- Certificate Types
- Frequently Asked Questions
- Factsheets
- JCS Eligibility Policy
- Information on S/MIME certificates
Revoke a certificate
Download as PDFIf the private key of a SSL server certificate is lost or stolen the certificate must be revoked immediately. More commonly, all SSL certificates which are still valid but are no longer used or required must also be revoked by the Certificate Holder.
Every Certificate Authority manages their own certificate revocation lists (CRL) which are published showing the SSL certificates that should no longer be trusted. This enables web browsers in turn to warn users that a certificates used to secure a particular web service cannot be trusted and therefore the user should not proceed.
Authorised users of the JCS web app can revoke certificates directly through their organisation's Certificate Service account, using the following steps:
1. Log in to the JCS web app;
2. Click on the down arrow next to the 'JCS Account' tab and select 'View All Certificates';
3. Find the certificate in question and click on the spanner icon relating to that certificate, found on the right side of the page, chosing 'Revoke Certificate';
4. Enter the reason why the certificate is being revoked and press green 'Revoke' button;
5. The certificate is now revoked and cannot be compromised or used by another party without users encountering errors.
According to RFC 5280 (page 69) there are 10 reasons for revoking a certificate:
- unspecified (0)
- keyCompromise (1)
- CACompromise (2)
- affiliationChanged (3)
- superseded (4)
- cessationOfOperation (5)
- certificateHold (6)
- (value 7 is not used)
- removeFromCRL (8)
- privilegeWithdrawn (9)
- AACompromise (10)
If you would like more information on revocation please contact the Janet Service Desk at service@ja.net, or telephone 0300 300 2212.
