Is there a way to unrevoke a CEM certificate?


Article ID: 195583


Updated On:


Management Platform (Formerly known as Notification Server)



When you revoke a client certificate, is there a way to unrevoked them or get the client new certificates that are not revoked?


ITMS 8.1, 8.5



When you revoke a certificate it gets removed from our database and its hash gets added to the local revocation list. CRL will be propagated to our gateway.

So from this point, it depends on the certificate type. In most of the cases, it is easier to create a new certificate rather than try to reactivate an old one.  If this is a CEM certificate, you need to remove it from CRL manually and then, you can somehow specify that the client will re-register its certificates on SMP on the next connection attempt. If this is the case of a CEM temporary certificate - it will not work.
In general, revocation is a one way process. So if it is done you need to either recreate CEM communication using CEM policy, agent communication profile or CEM Installation package.