Revoking, suspending, and unsuspending certificates

13.2 Revoking, suspending, and unsuspending certificates

You can revoke or suspend certificates by canceling, erasing, or disabling the device on which they live; however, you may want to revoke or suspend a certificate independently of its device. The View Certificate screen allows you to do this.

If you have suspended a certificate, you can also unsuspend the certificate to make it active again.

Important: Whenever you make a change to a certificate status, the certificate is immediately placed into a pending state. Certificate changes are carried out by the MyID certificate service on the application server. You can attempt pause the processing of a certificate change to resume later; however, the MyID certificate service may already have processed the certificate change. See section 13.3, Pausing and resuming certificate processing.

Note: You cannot change revoke, suspend, or unsuspend certificates from the Unmanaged CA; these certificates have not been issued from a CA using MyID.

13.2.1 Revoking or suspending a certificate

You use the same process to revoke or suspend a certificate. The effect on the certificate (revocation or suspension) depends on the reason you choose.

To revoke or suspend a certificate:

Search for a certificate, and view its details.

See section 13.1, Viewing a certificate.
On the View Certificate screen, click Revoke.

If the Revoke option is not available, you may not have permissions to revoke certificates, or the certificate may not be in the correct state; a certificate must be in the Issued state if you want to revoke or suspend it.

The Revoke Certificate screen appears.
Select the Reason for the revocation or suspension from the drop-down list.

This reason affects how MyID treats the certificate.

See the Certificate reasons section in the Operator's Guide for details of how each reason affects the certificate.

Note: You can suspend an archived certificate by selecting the Suspension (other) or Pending Investigation reason on the Revoke Certificate screen in the MyID Operator Client, or through the MyID Core API using the reason status mapping ID 92 – for Suspension(other) – or ID 93 – for Pending Investigation. You cannot suspend an archived certificate using any other method; for example, by canceling a device, or by suspending an individual certificate in MyID Desktop.
Type any Notes on the revocation or suspension.

You can provide further information on your reasons for revoking or suspending the certificate. This information is stored in the audit record.
Click Save.

13.2.2 Revoking or suspending multiple certificates

If you want to revoke or suspend multiple certificates, you can process them in a batch instead of selecting them one by one.

To revoke or suspend multiple certificates:

Click the Certificates category.
Enter some or all of the search criteria for the certificate.

See section 13.1.1, Searching for a certificate.
Click Search.
On the search results page, use the checkboxes to the left of the records to select one or more certificates.
From the Tools menu, select Revoke.

The Revoke Certificate screen appears.

Complete the details as for revoking or suspending a single device; see section 13.2.1, Revoking or suspending a certificate.
Click Save.

The confirmation screen appears.
Click Yes to proceed with the revocation, or No to go back to the list of certificates.

When you click Yes, the Batch Processing screen appears.

The revocations or suspensions are processed. The table shows the status of each certificate change:

	The revocation or suspension succeeded.
	The revocation or suspension failed. The Message column displays the reason for the failure; for example, the certificate may be in the wrong status for the action; you can revoke or suspend a certificate only if it is in the Issued state.

Click Close.

13.2.3 Unsuspending a certificate

If you have temporarily suspended a certificate, you can unsuspend it to make it active again.

To unsuspend a certificate:

Search for certificates.

See section 13.1, Viewing a certificate.

You can select Suspended from the Certificate Status drop-down list to return a list of all suspended certificates.
On the View Certificate screen, click Unsuspend.

If the Unsuspend option is not available, you may not have permissions to unsuspend certificates, or the certificate may not be in the correct state; a certificate must be in the Suspended state if you want to unsuspend it.

The Unsuspend Certificate screen appears.
Type any Notes on the unsuspension.

You can provide further information on your reasons for unsuspending the certificate. This information is stored in the audit record.
Click Save.

13.2.4 Unsuspending multiple certificates

If you want to unsuspend multiple certificates, you can process them in a batch instead of selecting them one by one.

To unsuspend multiple certificates:

Click the Certificates category.
Enter some or all of the search criteria for the certificate.

You can select Suspended from the Certificate Status drop-down list to return a list of all suspended certificates.

See section 13.1.1, Searching for a certificate.
Click Search.
On the search results page, use the checkboxes to the left of the records to select one or more certificates.
From the Tools menu, select Unsuspend.

The Unsuspend Certificate screen appears.

Complete the details as for unsuspending a single device; see section 13.2.3, Unsuspending a certificate.
Click Save.

The confirmation screen appears.
Click Yes to proceed with the unsuspension, or No to go back to the list of certificates.

When you click Yes, the Batch Processing screen appears.

The unsuspension changes are processed. The table shows the status of each certificate change:

	The unsuspension succeeded.
	The unsuspension failed. The Message column displays the reason for the failure; for example, the certificate may be in the wrong status for the action; you can unsuspend a certificate only if it is in the Suspended state.

Click Close.