Is there a way to unrevoke a CEM certificate?

search cancel

Is there a way to unrevoke a CEM certificate?

book

Article ID: 195583

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

When you revoke a client certificate, is there a way to unrevoked them or get the client new certificates that are not revoked?

Environment

ITMS 8.x

Resolution

When you revoke a certificate it gets removed from the ITMS database and its hash gets added to the local revocation list. The Certificate Revocation List (CRL) will be propagated to the Internet Gateway.

So from this point, it depends on the certificate type. In most cases it is easier to create a new certificate rather than try to reactivate an older one. If this is a Cloud-enabled Managagement (CEM) certificate, you'll need to remove it from CRL manually and then you can specify that the client will re-register its certificates on SMP on the next connection attempt. If this is the case of a CEM temporary certificate - this will not work.

In general, revocation is a one way process. So if it is done you'll need to either recreate the CEM communication using a CEM policy, agent Communication Profile, or a CEM Installation package.

Additional Information

Steps to replace, renew, and revoke certificates in ITMS 8.x

Cloud-enabled Management for ITMS - Whitepaper

Feedback

thumb_up Yes

thumb_down No