Revoking Microsoft AD CS-issued certificates

If you're an administrator with either the PKI Administrator or System Administrator role, you can directly revoke certificates you've issued. This applies specifically to Microsoft AD CS-issued certificates.

Before you begin

  • Make sure that you have either the PKI Administrator or System Administrator role assigned to your TLS Protect Cloud account.
  • If you're currently using Microsoft AD CS, you'll need to upgrade your VSatellite Worker. Run the following PowerShell script on your VSatellite Worker:

    Invoke-WebRequest -OutFile vsatworkerctl.exe -Uri https://dl.venafi.cloud/vsatworkerctl.exe; .\vsatworkerctl.exe upgrade --port 8085
    

    NOTE

    If you didn't use the default port 8085, be sure to specify the correct port before running the script.

To revoke a certificate

  1. Sign in to TLS Protect Cloud.
  2. Click Inventory > Certificates.

    Make sure that you are viewing the Certificates - Next Gen view of the inventory.

  3. Locate the certificate you want to revoke and select it.

  4. Click Revoke.
  5. (Conditional) Select a certificate authority account.

    If the certificate was issued using TLS Protect Cloud, the correct CA account is selected for you automatically.

  6. Click Revocation Reason and select the most appropriate reason for revoking the certificate:

    • Superseded: The certificate has been replaced with a newer one. TLS Protect Cloud defaults to Superseded.
    • Affiliation Changed: The person or organization using the certificate no longer has the same role or relationship with the issuer.
    • Cessation of Operation: The services or operations the certificate was used for have ended.
    • Key Compromise: The private key associated with the certificate is potentially or actually exposed to unauthorized parties.
    • Unspecified: A specific reason for revocation isn't given or is not applicable.
  7. (Optional) In the Comment box, type any relevant information that can be used later to help identify the circumstances surrounding the revocation.

  8. Select You are about to revoke this certificate... to confirm your choice, and then click Revoke.

When the certificate revocation request has been accepted by the CA, a confirmation message appears on the screen.
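
After the confirmation appears, you can check from a Windows client whether relying parties now see the certificate as revoked. The following is an added example, not part of the original documentation or of Venafi's tooling. It assumes you have an exported copy of the revoked certificate and that the client can reach the CA's CRL distribution points; the function name and the file path are hypothetical.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Get-CertRevocationState is a hypothetical helper name.
function Get-CertRevocationState {
    [CmdletBinding()]
    param(
        # Path to an exported copy (.cer/.crt) of the certificate you revoked.
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert  = [X509Certificate2]::new($file)
    $chain = [X509Chain]::new()
    try {
        # Allow CRL/OCSP retrieval over the network; check the leaf only.
        $chain.ChainPolicy.RevocationMode      = [X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag      = [X509RevocationFlag]::EndCertificateOnly
        $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

        [void]$chain.Build($cert)
        $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })

        # "Unknown" is kept separate from "NotRevoked": an unreachable CRL
        # distribution point must not be read as a clean result.
        $state = if ($flags -contains [X509ChainStatusFlags]::Revoked) {
            'Revoked'
        } elseif ($flags -contains [X509ChainStatusFlags]::RevocationStatusUnknown -or
                  $flags -contains [X509ChainStatusFlags]::OfflineRevocation) {
            'Unknown'
        } else {
            'NotRevoked'
        }

        [pscustomobject]@{
            Subject      = $cert.Subject
            SerialNumber = $cert.SerialNumber
            Thumbprint   = $cert.Thumbprint
            State        = $state
            ChainStatus  = ($flags -join ', ')
        }
    }
    finally {
        $chain.Dispose()
        $cert.Dispose()
    }
}

# Usage (constructed, hypothetical path):
# Get-CertRevocationState -Path 'C:\temp\revoked.cer'
```

AD CS publishes CRLs on a schedule and Windows caches a CRL until its next update time, so a NotRevoked result immediately after revocation can reflect a CRL that predates the request.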