Skip to main content

Submit a request to revoke a Code Signing or EV Code Signing certificate

Before you begin

  • By default, revoking a certificate on an order also revokes all associated certificates on that order, including reissues and duplicates. To revoke a single certificate while keeping the order active, see Revoke a single certificate on an order.

  • If revoking due to private key compromise, consider submitting a request to the DigiCert Certificate Problem Reporting tool to revoke any valid DigiCert-issued certificates associated with the compromised key.

  • Confirm that all certificates on the order have been replaced before submitting the revocation request.

Submit a revocation request

  1. In the CertCentral main menu, go to Certificates > Orders.

  2. Select the order number for the code signing or EV code signing certificate to revoke.

  3. On the Order details page, in the Order actions menu, select Revoke all certificates.

  4. On the Request to Revoke Certificate page, select the reason for revocation

    • Key compromise: the private key was lost, stolen, or compromised

    • Cessation of operation: the certificate is no longer in use

    • Affiliation change: the organization name or other information has changed

    • Superseded: a new certificate has been requested to replace this one

    • Unspecified: none of the above reasons apply

  5. For key compromise only: under Do you know when the private key was compromised, select Yes and set the revocation date and time.

    Signatures applied before the revocation date remain valid and trusted. Signatures applied after the revocation date are invalidated.

    Notice

    Java uses certificate status, not the revocation date, to determine signature trust. All Java signatures are invalidated regardless of the revocation date set. When revoking all certificates on an order, the earliest allowed revocation date is the issuance date of the most recently issued certificate. If this date does not match the key compromise date, revoke certificates individually from the Certificate history tab instead.

  6. Select Request revocation.

After submission, the revocation request remains pending until a CertCentral administrator approves it. DigiCert revokes all certificates on the order after the request is approved.

Notice

Administrators can bypass the approval step. Under Do you want to revoke without additional admin approval, select Revoke this certificate immediately to revoke the certificate without waiting for administrator approval.

Related topics

In questa sezione: