Is there a way to unrevoke a CEM certificate?

book

Article ID: 195583

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Question:

When you revoke a client certificate, is there a way to unrevoked them or get the client new certificates that are not revoked?

Environment

ITMS 8.1, 8.5

Resolution

Answer:

When you revoke a certificate it gets removed from our database and its hash gets added to the local revocation list. CRL will be propagated to our gateway.

So from this point, it depends on the certificate type. In most of the cases, it is easier to create a new certificate rather than try to reactivate an old one.  If this is a CEM certificate, you need to remove it from CRL manually and then, you can somehow specify that the client will re-register its certificates on SMP on the next connection attempt. If this is the case of a CEM temporary certificate - it will not work.
 
In general, revocation is a one way process. So if it is done you need to either recreate CEM communication using CEM policy, agent communication profile or CEM Installation package.