If you revoke an SSL certificate before it expires, the certificate is deregistered from the certificate authority (CA) that issued it. If you no longer use a certificate that was issued by using Certificate Management Service, or you do not want to use the certificate for security reasons, you can submit a revocation request in the Certificate Management Service console. After the certificate is revoked, browsers no longer trust it. When a user accesses a website that uses the revoked certificate, the access may fail. For example, an error occurs and the requested pages cannot be displayed.

Prerequisites

  • You are logged on to your Alibaba Cloud account.
  • The certificate is purchased and issued by using Certificate Management Service.

    If your certificate is a third-party certificate that is uploaded to the Certificate Management Service console for centralized management, you cannot revoke the certificate by using the Certificate Management Service console. You must log on to the certificate system of the certificate provider to revoke the certificate.

  • The certificate is valid.
  • The certificate is not hosted.

    You cannot revoke a certificate that is hosted because the hosted certificate is automatically renewed when it is due to expire. If the hosted certificate is revoked, the automatic renewal fails.

    Notice: If you want to revoke a hosted certificate, you must first cancel the certificates that are associated with the hosted certificate and are in the Not Activated state. The certificate that you want to revoke is then no longer hosted, and you can revoke it.

Scenarios

You may need to revoke a certificate in one of the following scenarios:
  • The information that you specified to apply for a certificate is invalid, but the certificate is issued. In this case, you must revoke the certificate, modify the information, and then submit the application.
  • A certificate is issued, but you want to replace the domain names that are bound to the certificate.
  • You do not want to use an issued certificate for security or other reasons.

Limits

  • Each time you purchase a certificate by using Certificate Management Service, you can submit one revocation request for the certificate. The number of revocation requests that you can submit cannot exceed the number of certificates that you purchase by using the same Alibaba Cloud account. For example, if you have purchased five certificates, you can submit five revocation requests. After you submit five revocation requests, you can no longer request to revoke certificates.
  • If you submit a revocation request and the revocation process is completed within 28 calendar days after the certificate is issued, the quota that was consumed to apply for the certificate is restored. If the revocation process is completed more than 28 calendar days after the certificate is issued, the quota is not restored.

Instructions on refund requests after a certificate is revoked

CAs process a certificate revocation request within a maximum of five business days. If you want to revoke a certificate and claim a refund, you must submit the revocation request in the SSL Certificates Service console at least five business days before the 28 calendar days elapse. The 28-calendar-day period starts from the time when the certificate instance is purchased.

Notice: Otherwise, the revocation request may not be approved in time, and the refund request will be rejected.
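The two deadlines above, worked through as an added example (not Alibaba Cloud code): it computes the last date on which a revocation request can be submitted while still leaving five business days before the 28-calendar-day refund window elapses, and checks whether the quota rule in Limits is met. It assumes that business days are Monday to Friday and that the caller supplies any public holidays; the function names and sample dates are constructed.

```python
from datetime import date, timedelta

REFUND_WINDOW_DAYS = 28   # calendar days, counted from purchase (refund rule)
QUOTA_WINDOW_DAYS = 28    # calendar days, counted from issuance (quota rule)
CA_BUSINESS_DAYS = 5      # maximum CA processing time stated on the page


def is_business_day(day, holidays=frozenset()):
    # Assumption: business days are Monday-Friday minus caller-supplied holidays.
    return day.weekday() < 5 and day not in holidays


def latest_submission_date(purchased, holidays=frozenset()):
    """Last date to submit so five business days remain before the window ends."""
    day = purchased + timedelta(days=REFUND_WINDOW_DAYS)  # day the window elapses
    remaining = CA_BUSINESS_DAYS
    while remaining > 0:
        day -= timedelta(days=1)
        if is_business_day(day, holidays):
            remaining -= 1
    return day


def refund_request_in_time(purchased, submitted, holidays=frozenset()):
    """True if the revocation request leaves the CA its full processing time."""
    return purchased <= submitted <= latest_submission_date(purchased, holidays)


def quota_restored(issued, revocation_completed):
    """True if revocation completed within 28 calendar days after issuance."""
    elapsed = (revocation_completed - issued).days
    return 0 <= elapsed <= QUOTA_WINDOW_DAYS


if __name__ == "__main__":
    purchased = date(2024, 3, 1)  # constructed sample date (a Friday)
    print("refund window ends:", purchased + timedelta(days=REFUND_WINDOW_DAYS))
    print("submit no later than:", latest_submission_date(purchased))
    print("in time on 2024-03-25:",
          refund_request_in_time(purchased, date(2024, 3, 25)))
    print("quota restored:", quota_restored(date(2024, 3, 4), date(2024, 4, 1)))
```

Pass the public holidays that apply to your CA as a set of `date` objects; each holiday inside the window moves the latest submission date earlier.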

Procedure

  1. Log on to the SSL Certificates Service console.
  2. On the Manage Certificates tab of the SSL Certificates page, select Issued from the status drop-down list above the certificate list.
    This operation displays all the certificates that are issued by CAs.
  3. Find the certificate that you want to revoke and click Revoke in the Actions column.
  4. In the Revoke Certificate panel, specify the revocation request information and click OK.
    You must configure Revocation Cause based on the actual situation.
  5. In the Note message, confirm the revocation operation and click OK to submit the revocation request.
    If you submit a revocation request for an Extended Validation (EV) certificate, the CA sends you an email to confirm the revocation request. You must check and reply to the email at the earliest opportunity. Otherwise, approval of the revocation request may be delayed.
    Warning: After an issued certificate is revoked, it cannot be restored. Proceed with caution when you revoke a certificate.
    After you submit the revocation request, you can select Validating Revocation from the status drop-down list above the certificate list on the Manage Certificates tab to view the progress of the revocation.

    If you select Automatic Refund when you submit the revocation request, Alibaba Cloud automatically initiates a refund process after the certificate is revoked.