Revoke certificates through CyberArk Certificate Manager SaaS

  • Release version: Australia
  • Updated December 19, 2024
  • 1 minute to read

    • Revoke a certificate through the CyberArk Certificate Manager SaaS to invalidate it before its scheduled expiration date.

    Before you begin

    The certificate must be originally issued through CyberArk and be currently valid.

    Role required: pki_admin or admin

    About this task

    Common reasons for revocation include key compromise, change in certificate details, or decommissioning of the associated service.

    Procedure

    1. Navigate to All > Self-Service > Service Catalog.
    2. Access the form for renewing a certificate.
      1. Select Certificate Management.
      2. Select Automated Flow.
      3. Select Revoke Certificate (Automated).
    3. For the Select how to manage your certificate value, select CyberArk Certificate Manager SaaS.
    4. Select the certificate that must be revoked.
      1. In the Issued Certificate field, select the Lock icon .
      2. Select the Lookup using list icon to find and select the certificate.
      3. On the Unique Certificates form, select the certificate to be revoked.
    5. In the Reason for Revoking Certificate field, provide one of the revocation reasons for CyberArk Certificate Manager SaaS.
      You can also display these reasons by expanding More information.
      • SUPERSEDED: The certificate has been replaced
      • KEY_COMPROMISE: The private key has been compromised
      • AFFILIATION_CHANGED: The certificate holder's affiliation has changed
      • CESSATION_OF_OPERATION: The service is no longer operational
      • UNSPECIFIED: Any other reason.
    6. Select Submit.

    Result

    The revocation request is sent to CyberArk for processing. The certificate status is updated in the relevant certificate task to reflect the revocation. The certificate is invalidated and can no longer be used for authentication.