What is revocation of a Certificate?
Revocation is the procedure of losing the validity of a certificate before its expiration date. It takes place as a result of receiving a request from the Subscriber or in the event a breach of a certificate is discovered. In the revocation process, the certificate goes to the so-called Certificate Revocation List (CRL), which is a list of revoked certificates.
Placing a certificate on the CRL list means that it is no longer trusted by browsers, programs for viewing documents, systems, etc. and prevents its further use.
Reasons for revocation of
Certum certificates
- Disclosure of certificate key
(e.g., loss of a physical card, loss of a wallet with a PIN stored on a card, loss of a phone with a PIN stored on it) - Change of subscriber's details
(e.g., change of name, obtaining a Pesel number) - Discontinuation of use of the certificate
(e.g., you can no longer hold the company data contained in the certificate) - I want to revoke my certificate without giving any reason
Questions
Can I revoke a deceased person's certificate?
Yes, revocation of a deceased person's certificate is possible using the form on the website https://revoke.certum.eu/.
Are there additional fees associated with certificate revocation?
The revocation process is not associated with any additional fees to Certum. It also does not result in a return of funds that were incurred for the purchase of the certificate.
Do I need to go to a Point of Sale to revoke a qualified certificate?
The revocation process can be carried out on your account at https://panel.certum.pl/ (if your certificate is assigned to the account) or on the website https://revoke.certum.eu/, using a special form.
What happens to the certificate after it is revoked?
Such a certificate is placed on a special list called a CRL (Certificate Revocation List) and published by a certification authority that issued the certificate revoked by a subscriber (or an authorized person). Certificate revocation is equivalent to certificate expiry.
What is the waiting period for certificate revocation after requesting a qualified certificate revocation?
The certificate will be revoked within 24 hour at the most after all the necessary steps. You will receive confirmation of the certificate revocation via email.
How do I revoke a qualified certificate for my former employee?
A universal qualified certificate containing the Subscriber data may be canceled only upon their request. A qualified certificate with additional data may be canceled by both the Subscriber and an authorized representative of the represented entity. To do so, please use the form on this page.
What if there is an error in the certificate?
No error in a certificate issued by a Trusted Third Party can be considered insignificant. A typo in the organization's name or an incorrect address can make it impossible to identify the organization unambiguously and reduce customer confidence or mislead the customer. For this reason, the safety standards clearly indicate that in case of any error, a certificate must be revoked. It is in the interest of both the certificate owner and the Certification Authority to take appropriate steps to revoke the incorrect certificate and replace it with a new one as soon as possible.
How does issuing a new non-qualified certificate work?
As soon as Certum receives and confirms a report of an incorrectly issued certificate, Certum shall contact the client to inform them of the fact. This allows to quickly replace the certificate before revocation occurs. In order to ensure your customers' certificate continuity, it is a good idea to prepare your customer service process in case an incorrect issuance is discovered. This process should include immediately informing the customer of the situation and quickly allowing them to replace the erroneous certificate with a new, correct one.
Certum allows you to issue a new certificate with corrected data in two ways, depending on the reason for revocation:
1. Application of a reissue operation:
2. Resubmission of an application:
- in case of a compromised key or incorrect certificate structure it is possible to use the reissue operation – the advantage of this method is lack of additional verification and automatic certificate issuance, the reissue method does not allow to change the data;
- in case of a compromised key or incorrect certificate structure it is also possible to resubmit an application – for this method it is required to repeat the process of verifying the domains and data in the certificate;
- in case of incorrect data it is necessary to resubmit the application with correct data – for this method it is required to repeat the process of verification of domains and data in the certificate.
How does revocation of an incorrect non-qualified certificate work?
A Certification Authority that detects an incorrect issuance, or that receives a notification of an incorrect issuance, immediately informs the certificate owner of the situation. Standards for SSL certificates require that the certificate be revoked within 24 hours of notification to the Certificate Authority. In special cases, this period may be extended to a maximum of 5 days. The time to revoke an erroneous certificate depends on the scale of the threat it poses:
- in case a private certificate's key was compromised or a domain verification was incorrectly performed, it will be up to 24 hours;
- in the case of an invalid field value in the certificate entity, it will be a maximum of 5 days.
Let us help you choose
