Skip to main content

Revoke a code signing certificate

You can revoke an issued Code Signing or EV Code Signing certificate if needed. For example, if the certificate is no longer needed, the hardware token is lost, or the private key is compromised.

Danger

Revoking a certificate cannot be undone.

The certificate revocation process works as follows:

  1. Submit a request to revoke the certificate.

  2. An administrator approves the revocation request.

  3. DigiCert revokes the certificate.

See Submit a request to revoke a Code Signing/EV Code Signing certificate.

When I revoke a code signing certificate, what happens to the code signed by the certificate?

Revoking a code signing/EV code signing invalidates any code signed by that certificate, including timestamped signatures. The code may show a trust warning to users. To ensure your code remains trusted, resign any code signed by the revoked certificate.