If you revoke an SSL certificate before it expires, the certificate is deregistered from the certificate authority (CA) from which the certificate is issued. If you no longer use a certificate that is issued by using Certificate Management Service or you do not want to use the certificate for security reasons, you can submit a request to revoke the certificate by using the Certificate Management Service console. After the certificate is revoked, the certificate is no longer trusted by browsers. When a user accesses the website that uses the revoked certificate, the access may fail. For example, an error occurs, and requested pages cannot be displayed.
Prerequisites
- You are logged on to your Alibaba Cloud account.
- The certificate is purchased and issued by using Certificate Management Service.
If your certificate is a third-party certificate that is uploaded to the Certificate Management Service console for centralized management, you cannot revoke the certificate by using the Certificate Management Service console. You must log on to the certificate system of the certificate provider to revoke the certificate.
- The certificate is valid.
- The certificate is not hosted.
You cannot revoke a certificate that is hosted because the hosted certificate is automatically renewed when it is due to expire. If the hosted certificate is revoked, the automatic renewal fails.
Notice If you want to revoke a hosted certificate, you must cancel the certificates that are associated with the hosted certificate and are in the Not Activated state. This way, the certificate that you want to revoke is no longer hosted, and you can revoke the certificate.
Scenarios
- The information that you specified to apply for a certificate is invalid, but the certificate is issued. In this case, you must revoke the certificate, modify the information, and then submit the application.
- A certificate is issued, but you want to replace the domain names that are bound to the certificate.
- You do not want to use an issued certificate for security or other reasons.
Limits
- Each time you purchase a certificate by using Certificate Management Service, you can submit one revocation request for the certificate. The number of revocation requests that you can submit cannot exceed the number of certificates that you purchase by using the same Alibaba Cloud account. For example, if you have purchased five certificates, you can submit five revocation requests. After you submit five revocation requests, you can no longer request to revoke certificates.
- If you submit a revocation request and complete the revocation process within 28 calendar days after the certificate is issued, the quota that is consumed to apply for the certificate is resumed. If the revocation process is complete after the certificate is issued for more than 28 calendar days, the quota that is consumed to apply for the certificate is not resumed.
Instructions on refund requests after a certificate is revoked
CAs process a certificate revocation request within a maximum of five business days. If you want to revoke a certificate and claim a refund, you must submit the revocation request in the SSL Certificates Service console at least five business days before the 28 calendar days elapse. The 28 calendar days starts from the time when the certificate instance is purchased.