Revoking Microsoft AD CS-issued certificates
If you're an administrator with either the PKI Administrator or System Administrator role, you can directly revoke Microsoft AD CS-issued certificates that you've issued.
Before you begin
- Make sure that you have either the PKI Administrator or System Administrator role assigned to your TLS Protect Cloud account.
- If you're currently using Microsoft AD CS, you'll need to upgrade your VSatellite Worker. Run the following PowerShell script on your VSatellite Worker:

  Invoke-WebRequest -OutFile vsatworkerctl.exe -Uri https://dl.venafi.cloud/vsatworkerctl.exe; .\vsatworkerctl.exe upgrade --port 8085

  NOTE: If you didn't use the default port 8085, be sure to specify the correct port before running the script.
To revoke a certificate
- Sign in to TLS Protect Cloud.
- Click Inventory > Certificates.
  Make sure that you are viewing the Certificates - Next Gen view of the inventory.
- Locate the certificate you want to revoke and select it.
- Click Revoke.
- (Conditional) Select a certificate authority account.
  If the certificate was issued using TLS Protect Cloud, the correct CA account is selected for you automatically.
- Click Revocation Reason and select the most appropriate reason for revoking the certificate:
  - Superseded: The certificate has been replaced with a newer one. TLS Protect Cloud defaults to Superseded.
  - Affiliation Changed: The person or organization using the certificate no longer has the same role or relationship with the issuer.
  - Cessation of Operation: The services or operations the certificate was used for have ended.
  - Key Compromise: The private key associated with the certificate is potentially or actually exposed to unauthorized parties.
  - Unspecified: A specific reason for revocation isn't given or is not applicable.
- (Optional) In the Comment box, type any relevant information that can be used later to help identify circumstances surrounding the revocation.
- Select You are about to revoke this certificate... to confirm your choice, and then click Revoke.
When the certificate revocation request has been accepted by the CA, a confirmation message appears on the screen.
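
To confirm the revocation from a Windows host after the CA has accepted it, the following PowerShell function builds the certificate's chain with online revocation checking and reports whether Windows sees the certificate as revoked. This is an added example, not code from the original page or from the vendor; the function name and the file path are hypothetical, and the result depends on the CA having published a CRL that includes the revocation.

```powershell
# Added example: report how Windows evaluates the revocation state of a certificate.
function Get-CertificateRevocationStatus {
    param(
        # Path to an exported copy (.cer/.crt) of the certificate that was revoked.
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $flags = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    $file  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    try {
        # Online permits CRL/OCSP retrieval over the network. A cached CRL that has
        # not expired can still be used, so a fresh revocation may not show at once.
        $chain.ChainPolicy.RevocationMode      = 'Online'
        # Check only the certificate itself, not the CA certificates above it.
        $chain.ChainPolicy.RevocationFlag      = 'EndCertificateOnly'
        $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

        # Build() returns $false on any chain error; the detail is in ChainStatus.
        [void]$chain.Build($cert)
        $statuses = @($chain.ChainStatus | ForEach-Object { $_.Status })

        if ($statuses -contains $flags::Revoked) {
            $result = 'Revoked'
        }
        elseif (($statuses -contains $flags::RevocationStatusUnknown) -or
                ($statuses -contains $flags::OfflineRevocation)) {
            # CRL/OCSP endpoint unreachable or no revocation data: not proof of validity.
            $result = 'Unknown'
        }
        else {
            $result = 'NotRevoked'
        }

        [pscustomobject]@{
            Subject      = $cert.Subject
            SerialNumber = $cert.SerialNumber
            Thumbprint   = $cert.Thumbprint
            Revocation   = $result
            ChainStatus  = ($statuses -join ', ')
        }
    }
    finally {
        $chain.Reset()
    }
}

# Hypothetical path: replace with the exported certificate you revoked.
Get-CertificateRevocationStatus -Path 'C:\Temp\revoked-cert.cer'
```

A result of NotRevoked immediately after revoking usually means the CA has not yet published an updated CRL or the host is still using a cached one; treat Unknown as a failed check rather than as a valid certificate.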