Revoking a Certificate Authority Version

Revoke a certificate authority (CA) version when its certificate becomes invalid before the end of its validity period.

Note

The Certificates service supports the revocation only of resources issued by an internal certificate. You can't use the service to revoke an externally managed or imported certificate. You also can't revoke a certificate version for a root certificate authority.

Note

If your CA was issued by an external root CA, you must manually update the Certificate Revocation List (CRL).

The certificate for a certificate authority version might become invalid if the name of its owner changes, if the relationship or association between a certificate subject and the issuing certificate authority changes, or if the private key of the certificate is compromised or suspected to be compromised. Revocations are immediate and you can't reverse them.

    1. On the Certificate Authorities list page, select the certificate authority that you want to work with. If you need help finding the list page or the certificate authority, see Listing Certificate Authorities.
      The certificate authority's details page opens.
    2. On the certificate authority's details page, select Versions.
      The Versions list opens.
    3. Find the certificate authority version that you want to revoke.
    4. From the Actions menu for the certificate authority version, select Revoke version.
      The Revoke version panel opens.
    5. Select the reason that you're revoking the certificate version from the list.
    6. To confirm the revocation, enter the certificate authority version number in the text box.
    7. Select Revoke version.
  • Use the oci certs-mgmt certificate-authority-version revoke command and required parameters to revoke a certificate authority version:

    oci certs-mgmt certificate-authority-version revoke --certificate-authority-id <CA_OCID> --version-number <CA_version_number> [OPTIONS]

    For example:

    oci certs-mgmt certificate-authority-version revoke --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --version-number 3

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the RevokeCertificateAuthorityVersion operation to revoke a certificate authority version.
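
Because revocations are immediate and can't be reversed, a script that calls the CLI command above can apply the same confirmation the Console asks for. The following is an added example, not part of the Certificates service or the OCI CLI; the function name `revoke_ca_version` and the `DRY_RUN` variable are hypothetical, and the OCID used to exercise it is a constructed placeholder.

```shell
#!/bin/sh
# Added example: a guard around the revoke command shown on this page.
# revoke_ca_version and DRY_RUN are hypothetical names, not part of the OCI CLI.
# It cannot tell whether the CA is a root CA or externally managed.

revoke_ca_version() {
  if [ "$#" -lt 3 ]; then
    echo "usage: revoke_ca_version <CA_OCID> <version> <confirm_version> [OPTIONS]" >&2
    return 2
  fi
  local ca_ocid="$1" version="$2" confirm="$3"
  shift 3

  # Accept only certificate authority OCIDs, so an OCID for another resource
  # type pasted by mistake is rejected before any call is made.
  case "$ca_ocid" in
    ocid1.certificateauthority.*) ;;
    *) echo "error: not a certificate authority OCID: $ca_ocid" >&2; return 2 ;;
  esac

  # Assumption: version numbers are positive integers (the page's example uses 3).
  case "$version" in
    ''|*[!0-9]*|0*) echo "error: invalid version number: $version" >&2; return 2 ;;
  esac

  # Mirror the Console's step 6: the operator re-enters the version number.
  if [ "$confirm" != "$version" ]; then
    echo "error: confirmation '$confirm' does not match version '$version'" >&2
    return 3
  fi

  # Remaining arguments are passed through as the command's [OPTIONS].
  set -- oci certs-mgmt certificate-authority-version revoke \
    --certificate-authority-id "$ca_ocid" --version-number "$version" "$@"

  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"      # show the exact command without running it
  else
    "$@"
  fi
}
```

Set `DRY_RUN=1` to review the exact command before running it for real.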