Skip to main content

Submit a request to revoke a Code Signing/EV Code Signing certificate

Before DigiCert can revoke the certificate, an account administrator may need to approve the revocation request.

Pericolo

When you revoke a code signing certificate, you invalidate the certificate. You also invalidate any code signed by that certificate, including timestamped signatures.

A revoked certificate cannot be restored.

Before you begin

Key compromise

If you know when the key was compromised, you can set a revocation date and time when revoking a code signing certificate due to a key compromise.

Signatures applied before the revocation date remain valid and trusted.
Signatures applied after the revocation date are invalidated and untrusted.

If you revoke a certificate because the private key was compromised, you may want DigiCert to revoke any valid DigiCert-issued certificates associated with the compromised key. See DigiCert's Certificate Problem Reporting page.

Submit a request to revoke a code signing/EV code signing certificate.

In your CertCentral account, in the left main menu, go to Certificates > Orders.
On the Orders page, select the order number for the code signing certificate you want to revoke.
On the certificate's Order details page, in the Order actions dropdown, select Revoke all certificates.
On the Request to Revoke Certificate page, in the Why do you want to revoke this certificate dropdown, select the reason you are revoking the certificates in the order:
- Key compromise – My certificate's private key was lost, stolen, or otherwise compromised.
  With this option, you can set a revocation date if you know when the key was compromised.
  Java signatures: Java uses the status of the certificate, not the revocation date, to determine signature trust. Thus, all Java signatures are invalidated regardless of the certificate revocation date.
  Revoking multiple certificates: When revoking all certificates on an order, DigiCert uses the date of the most recently issued certificate to establish the earliest allowed revocation date for all certificates on the order (i.e., you cannot set a revocation date before the certificate issuance date). If this issuance date does not match your key compromise date, we recommend revoking certificates individually from the Certificate history tab.
- Cessation of operation – I no longer use or control the domain or email address associated with the certificate or no longer use the certificate.
- Affiliation change – The name or any other information regarding my organization changed.
- Superseded – I have requested a new certificate to replace this one.
- Unspecified - None of the reasons above apply.
(Admins only) Revoke without additional admin approval.
As an admin, you can revoke the certificate without additional admin approval. To do this, under Do you want to revoke without additional admin approval, check Revoke this certificate immediately.
In the Comment to admin box, provide additional information to the approving admin.
When ready, select Request revocation.

What's next

DigiCert will revoke the certificate after a CertCentral account administrator approves your revocation request.
(Admins only) If you checked Revoke this certificate immediately, DigiCert will now revoke the certificate.

In questa sezione: