Is there a way to unrevoke a CEM certificate?
Article ID: 195583
Updated On:
Products
IT Management Suite
Issue/Introduction
Question:
When you revoke a client certificate, is there a way to unrevoked them or get the client new certificates that are not revoked?
Environment
ITMS 8.x
Resolution
Answer:
When you revoke a certificate it gets removed from our database and its hash gets added to the local revocation list. CRL will be propagated to our gateway.
So from this point, it depends on the certificate type. In most of the cases, it is easier to create a new certificate rather than try to reactivate an old one. If this is a CEM certificate, you need to remove it from CRL manually and then, you can somehow specify that the client will re-register its certificates on SMP on the next connection attempt. If this is the case of a CEM temporary certificate - it will not work.
In general, revocation is a one way process. So if it is done you need to either recreate CEM communication using CEM policy, agent communication profile or CEM Installation package.
Additional Information
"How to replace, renew, and revoke certificates in ITMS 8.x ..." (KB 204333)
Feedback
Yes
No
Powered by
