6.5 Certificate reasons

When you carry out any action in MyID that can affect the state of certificates (for example, disabling a card, requesting a replacement card, or canceling a card) you are required to specify a reason for the change.

In some cases, a certificate may be a shared certificate – an archived certificate that exists on multiple devices.

This reason will affect how MyID updates the status of the certificates, what certificates are stored on the replacement card (if applicable) and what happens with archived certificates. The reason selected may affect shared certificates; for example, if the user has a mobile credential canceled that has a copy of an encryption certificate from a card, a card update job may be created to issue or recover a new encryption certificate onto all devices that have a copy of the shared certificate that is being revoked.

The list of available reasons depends both on the workflow and on your system configuration. Some reasons are generated by automatic processes – you will not see them in the user interface, but they will appear in the audit record.

6.5.1 Certificate reasons reference

This section lists each reason that you can specify, and details what happens to the card and its certificates in each case.

6.5.1.1 Lost

Current card:

Canceled.

Archived certificate on the current card:

Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.

6.5.1.2 Damaged

Current card:

Canceled.

Archived certificate on the current card:

Non-PIV systems: Active.

PIV systems: Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

Non-PIV systems: Original certificate recovered.

PIV systems: New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

None.

6.5.1.3 Stolen

Current card:

Canceled.

Archived certificate on the current card:

Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.

6.5.1.4 Forgotten

Current card:

Disabled.

Archived certificate on the current card:

Active.

Non-archived certificate on the current card:

Suspended.

Archived certificate on the replacement card:

Original certificate recovered.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.

6.5.1.5 Permanently Blocked

Current card:

Canceled.

Archived certificate on the current card:

Non-PIV systems: Active.

PIV systems: Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

Non-PIV systems: Original certificate recovered.

PIV systems: New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

None.

6.5.1.6 Compromised

Current card:

Canceled.

Archived certificate on the current card:

Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.

6.5.1.7 Device holder on leave

Current card:

Disable temporarily

Archived certificate on the current card:

No action

Non-archived certificate on the current card:

Suspend

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

No action

Historic certificates:

No action

6.5.1.8 Pending Investigation

Current card:

Disabled.

Archived certificate on the current card:

Active.

Non-archived certificate on the current card:

Suspended.

Archived certificate on the replacement card:

Original certificate recovered.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

None.

6.5.1.9 Non-payment of services

Current card:

Disable permanently

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

No action

Historic certificates:

Revoke

6.5.1.10 Device holder leaving or changing role

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

No action

Historic certificates:

Revoke

6.5.1.11 Device holder details change

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.12 Pending Activation

Current card:

Disable

Archived certificate on the current card:

No action

Non-archived certificate on the current card:

Suspend

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

No action

Historic certificates:

No action

6.5.1.13 Revocation (other)

Current card:

Canceled.

Archived certificate on the current card:

Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.

6.5.1.14 Suspension (other)

Current card:

Disabled.

Archived certificate on the current card:

Active.

Non-archived certificate on the current card:

Suspended.

Archived certificate on the replacement card:

Original certificate recovered.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

None.

6.5.1.15 Found Original

Current card:

Cancel replacement card permanently

Archived certificate on the current card:

Recover to original

Non-archived certificate on the current card:

Recover to original

Archived certificate on the replacement card:

No action

Non-archived certificate on the replacement card:

No action

Expiry date:

No action

Historic certificates:

No action

6.5.1.16 Original Device Compromised

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

n/a

Historic certificates:

Revoke

6.5.1.17 Request device Renewal

Current card:

No action.

Archived certificate on the current card:

No action.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

New expiry date calculated from the date of issuance plus the lifetime of the card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.

6.5.1.18 Batch Failed

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.19 Bureau Failure

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.20 Processing Failure

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

No action

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.21 Poor print quality

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.22 Printing misaligned

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.23 Poor lamination quality

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.24 Incorrect layout printed

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.25 Cancel device and leave Certificates

Current card:

Cancel

Archived certificate on the current card:

No action

Non-archived certificate on the current card:

No action

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

No action

Historic certificates:

No action

6.5.1.26 Cancel Certificates and leave device

Current card:

No action

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

n/a

Historic certificates:

Revoke

6.5.1.27 Derived Credential Notification Listener

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

n/a

Historic certificates:

Revoke

6.5.1.28 Compromised – Reissue Shared Certificates

Current card:

Cancel

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Shared certificate on other devices

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.29 Credential Profile Update (full revocation)

Current card:

Update or Reprovision

(depends on workflow)

Archived certificate on the current card:

Revoke

Non-archived certificate on the current card:

Revoke

Archived certificate on the replacement card:

Issue new

Non-archived certificate on the replacement card:

Issue new

Expiry date:

Set new date

Historic certificates:

Revoke

6.5.1.30 Credential Profile Update (no revocation)

Current card:

Update or Reprovision

(depends on workflow)

Archived certificate on the current card:

Leave

Non-archived certificate on the current card:

Leave

Archived certificate on the replacement card:

Leave

Non-archived certificate on the replacement card:

Leave

Expiry date:

Leave

Historic certificates:

Leave

6.5.1.31 Details Change – re-issue archived certificates

Current card:

Reprovision

Archived certificate on the current card:

Revoke, and issue new

Non-archived certificate on the current card:

Do not revoke, and issue new

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

Leave

Historic certificates:

Recover

6.5.1.32 User details have changed

Current card:

Reprovision

Archived certificate on the current card:

Do not revoke, and issue new

Non-archived certificate on the current card:

Revoke, and issue new

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

Leave

Historic certificates:

Recover

6.5.1.33 There is a problem with the device

Current card:

Reprovision

Archived certificate on the current card:

Do not revoke, and issue new

Non-archived certificate on the current card:

Revoke, and issue new

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

Leave

Historic certificates:

Recover

6.5.1.34 New credential profile needs to be applied

Current card:

Reprovision

Archived certificate on the current card:

Do not revoke, and issue new

Non-archived certificate on the current card:

Revoke, and issue new

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

Leave

Historic certificates:

Recover

6.5.1.35 New certificates need to be added to the device

Current card:

Update

Archived certificate on the current card:

Do not revoke, and issue new – for certificates affected by the update only

Non-archived certificate on the current card:

Revoke, and issue new – for certificates affected by the update only

Archived certificate on the replacement card:

n/a

Non-archived certificate on the replacement card:

n/a

Expiry date:

Leave

Historic certificates:

Recover

6.5.1.36 Device Replacement (Delayed Cancellation)

Current card:

Canceled.

Archived certificate on the current card:

Revoked.

Non-archived certificate on the current card:

Revoked.

Archived certificate on the replacement card:

New certificate created.

Non-archived certificate on the replacement card:

New certificate created.

Expiry date:

Inherited from original card.

Historic certificates:

Attempt to recover certificates, if the device supports historic certificates.