6.5 Certificate reasons
When you carry out any action in MyID that can affect the state of certificates (for example, disabling a card, requesting a replacement card, or canceling a card) you are required to specify a reason for the change.
In some cases, a certificate may be a shared certificate – an archived certificate that exists on multiple devices.
This reason will affect how MyID updates the status of the certificates, what certificates are stored on the replacement card (if applicable) and what happens with archived certificates. The reason selected may affect shared certificates; for example, if the user has a mobile credential canceled that has a copy of an encryption certificate from a card, a card update job may be created to issue or recover a new encryption certificate onto all devices that have a copy of the shared certificate that is being revoked.
The list of available reasons depends both on the workflow and on your system configuration. Some reasons are generated by automatic processes – you will not see them in the user interface, but they will appear in the audit record.
6.5.1 Certificate reasons reference
This section lists each reason that you can specify, and details what happens to the card and its certificates in each case.
6.5.1.1 Lost
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |
6.5.1.2 Damaged
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Non-PIV systems: Active. PIV systems: Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
Non-PIV systems: Original certificate recovered. PIV systems: New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
None. |
6.5.1.3 Stolen
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |
6.5.1.4 Forgotten
|
Current card: |
Disabled. |
|
Archived certificate on the current card: |
Active. |
|
Non-archived certificate on the current card: |
Suspended. |
|
Archived certificate on the replacement card: |
Original certificate recovered. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |
6.5.1.5 Permanently Blocked
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Non-PIV systems: Active. PIV systems: Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
Non-PIV systems: Original certificate recovered. PIV systems: New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
None. |
6.5.1.6 Compromised
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |
6.5.1.7 Device holder on leave
|
Current card: |
Disable temporarily |
|
Archived certificate on the current card: |
No action |
|
Non-archived certificate on the current card: |
Suspend |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
No action |
|
Historic certificates: |
No action |
6.5.1.8 Pending Investigation
|
Current card: |
Disabled. |
|
Archived certificate on the current card: |
Suspended (for the Revoke option on the View Certificate screen in the MyID Operator Client, or using the MyID Core API with reason status mapping ID 93). Active (for all other operations). |
|
Non-archived certificate on the current card: |
Suspended. |
|
Archived certificate on the replacement card: |
Original certificate recovered. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
None. |
6.5.1.9 Non-payment of services
|
Current card: |
Disable permanently |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
No action |
|
Historic certificates: |
Revoke |
6.5.1.10 Device holder leaving or changing role
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
No action |
|
Historic certificates: |
Revoke |
6.5.1.11 Device holder details change
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.12 Pending Activation
|
Current card: |
Disable |
|
Archived certificate on the current card: |
No action |
|
Non-archived certificate on the current card: |
Suspend |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
No action |
|
Historic certificates: |
No action |
6.5.1.13 Revocation (other)
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |
6.5.1.14 Suspension (other)
|
Current card: |
Disabled. |
|
Archived certificate on the current card: |
Suspended (for the Revoke option on the View Certificate screen in the MyID Operator Client, or using the MyID Core API with reason status mapping ID 92). Active (for all other operations). |
|
Non-archived certificate on the current card: |
Suspended. |
|
Archived certificate on the replacement card: |
Original certificate recovered. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
None. |
6.5.1.15 Found Original
|
Current card: |
Cancel replacement card permanently |
|
Archived certificate on the current card: |
Recover to original |
|
Non-archived certificate on the current card: |
Recover to original |
|
Archived certificate on the replacement card: |
No action |
|
Non-archived certificate on the replacement card: |
No action |
|
Expiry date: |
No action |
|
Historic certificates: |
No action |
6.5.1.16 Original Device Compromised
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
n/a |
|
Historic certificates: |
Revoke |
6.5.1.17 Request device Renewal
|
Current card: |
No action. |
|
Archived certificate on the current card: |
No action. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
New expiry date calculated from the date of issuance plus the lifetime of the card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |
6.5.1.18 Batch Failed
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.19 Bureau Failure
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.20 Processing Failure
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
No action |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.21 Poor print quality
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.22 Printing misaligned
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.23 Poor lamination quality
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.24 Incorrect layout printed
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.25 Cancel device and leave Certificates
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
No action |
|
Non-archived certificate on the current card: |
No action |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
No action |
|
Historic certificates: |
No action |
6.5.1.26 Cancel Certificates and leave device
|
Current card: |
No action |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
n/a |
|
Historic certificates: |
Revoke |
6.5.1.27 Derived Credential Notification Listener
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
n/a |
|
Historic certificates: |
Revoke |
6.5.1.28 Compromised – Reissue Shared Certificates
|
Current card: |
Cancel |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Shared certificate on other devices |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.29 Credential Profile Update (full revocation)
|
Current card: |
Update or Reprovision (depends on workflow) |
|
Archived certificate on the current card: |
Revoke |
|
Non-archived certificate on the current card: |
Revoke |
|
Archived certificate on the replacement card: |
Issue new |
|
Non-archived certificate on the replacement card: |
Issue new |
|
Expiry date: |
Set new date |
|
Historic certificates: |
Revoke |
6.5.1.30 Credential Profile Update (no revocation)
|
Current card: |
Update or Reprovision (depends on workflow) |
|
Archived certificate on the current card: |
Leave |
|
Non-archived certificate on the current card: |
Leave |
|
Archived certificate on the replacement card: |
Leave |
|
Non-archived certificate on the replacement card: |
Leave |
|
Expiry date: |
Leave |
|
Historic certificates: |
Leave |
6.5.1.31 Details Change – re-issue archived certificates
|
Current card: |
Reprovision |
|
Archived certificate on the current card: |
Revoke, and issue new |
|
Non-archived certificate on the current card: |
Do not revoke, and issue new |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
Leave |
|
Historic certificates: |
Recover |
6.5.1.32 User details have changed
|
Current card: |
Reprovision |
|
Archived certificate on the current card: |
Do not revoke, and issue new |
|
Non-archived certificate on the current card: |
Revoke, and issue new |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
Leave |
|
Historic certificates: |
Recover |
6.5.1.33 There is a problem with the device
|
Current card: |
Reprovision |
|
Archived certificate on the current card: |
Do not revoke, and issue new |
|
Non-archived certificate on the current card: |
Revoke, and issue new |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
Leave |
|
Historic certificates: |
Recover |
6.5.1.34 New credential profile needs to be applied
|
Current card: |
Reprovision |
|
Archived certificate on the current card: |
Do not revoke, and issue new |
|
Non-archived certificate on the current card: |
Revoke, and issue new |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
Leave |
|
Historic certificates: |
Recover |
6.5.1.35 New certificates need to be added to the device
|
Current card: |
Update |
|
Archived certificate on the current card: |
Do not revoke, and issue new – for certificates affected by the update only |
|
Non-archived certificate on the current card: |
Revoke, and issue new – for certificates affected by the update only |
|
Archived certificate on the replacement card: |
n/a |
|
Non-archived certificate on the replacement card: |
n/a |
|
Expiry date: |
Leave |
|
Historic certificates: |
Recover |
6.5.1.36 Device Replacement (Delayed Cancellation)
|
Current card: |
Canceled. |
|
Archived certificate on the current card: |
Revoked. |
|
Non-archived certificate on the current card: |
Revoked. |
|
Archived certificate on the replacement card: |
New certificate created. |
|
Non-archived certificate on the replacement card: |
New certificate created. |
|
Expiry date: |
Inherited from original card. |
|
Historic certificates: |
Attempt to recover certificates, if the device supports historic certificates. |