Historical Content Alert

This is a historical content for Windows 2000 product and is presented for informative purposes only. All content on this page is copyrighted and owned by Microsoft.

To revoke an issued certificate

  1. Log on to the system as an Administrator.
  2. Open Certification Authority.
  3. In the console tree, click Issued Certificates

    • Certification Authority (computer)
    • CA name
    • Issued Certificates
  4. In the details pane, click the certificate you want to revoke.
  5. On the Action menu, point to All Tasks, and click Revoke Certificate.
  6. Select the reason for revoking the certificate and click Yes.


  • To open Certification Authority, click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
  • The certificate is marked as revoked and is moved to the Revoked Certificates folder. The revoked certificate will appear on the certificate revocation list (CRL) the next time it is published.
  • Certificates revoked with the reason code "Certificate Hold" can be unrevoked, left on "Certificate Hold" until they expire, or have their revocation reason code changed. This is the only reason code that allows you to change the status of a revoked certificate. It is useful if the status of the certificate is questionable and is meant to provide some flexibility to the CA administrator.
    • To unrevoke a certificate revoked with the reason code "Certificate Hold," at a command prompt on the CA, type

      certutil -revoke certificateserialnumber unrevoke

      To identify the certificateserialnumber, double-click the revoked certificate in the details pane of the Revoked Certificates folder, and then click the Details tab.

    • To change the reason code for a certificate previously revoked with the reason code "Certificate Hold," type the appropriate command at a command prompt on the CA.

      New reason code for
      revoking a certificate
      currently on "Certificate Hold"
      Unspecified certutil -revoke certificateserialnumber 0
      Key Compromise certutil -revoke certificateserialnumber 1
      CA Compromise certutil -revoke certificateserialnumber 2
      Affiliation Changed certutil -revoke certificateserialnumber 3
      Superseded certutil -revoke certificateserialnumber 4
      Cessation of Operation certutil -revoke certificateserialnumber 5

Share this article: