We have finally released the ability to revoke a certificate from the command line. Revocation voids a certificate, and you may need it for several reasons: you lost the private key, your private key has been compromised, or someone is impersonating you, among others. Revoking a certificate tells others that it is no longer valid, even before its expiration date.
More precisely, you do not revoke the certificate yourself; only the CA can do that. You send a revocation request to the CA and, if you are authorized to make the request, the CA marks the certificate as revoked. Once a certificate is revoked, it cannot be “unrevoked”: the process is irreversible.
The process can be performed in two ways:
- By using your account key. This is the key used to communicate with the ACME server. It can be different from the private key of the certificate. Usually this is transparent to you, provided you did not modify anything in your account and you are using the same client. Our client stores all the account information, so when you provide the certificate to revoke, the server is able to authenticate you. In this case, you need the certificate to revoke (the *.pem file).
- By using the PFX/P12 container. If you are in possession of the PFX/P12 file that you obtained previously (and you know the passphrase used to encrypt the file), you simply pass the file to the client. It will use the private key contained inside to revoke the certificate that is also contained in it. This is the simplest way to revoke an S/MIME certificate.
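The two paths differ in how the revocation request is signed and identified. The sketch below is an added example, not the client's own code, and assumes the server follows RFC 8555 section 7.6; the URLs, nonce and sample PEM are constructed, and the `sign` callback stands in for whatever key handling the caller uses.

```python
import base64, json, re

REASON_KEY_COMPROMISE = 1  # CRL reason code (RFC 5280); 0 means unspecified

# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed-DER-placeholder").decode()
              + "\n-----END CERTIFICATE-----\n")

def b64url(data: bytes) -> str:
    """Unpadded base64url, as JWS and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def pem_to_der(pem: str) -> bytes:
    """Decode the first CERTIFICATE block found in PEM text."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def build_revocation(cert_pem, url, nonce, sign, alg, reason=0,
                     account_url=None, cert_jwk=None):
    """Return the flattened JWS body for an ACME revokeCert POST.

    Give exactly one of account_url (account-key path) or cert_jwk
    (certificate-key path, e.g. the key taken from a PFX/P12 file).
    `sign` is caller-supplied: bytes -> signature bytes, produced with
    the private key that matches the chosen path.
    """
    if (account_url is None) == (cert_jwk is None):
        raise ValueError("give exactly one of account_url or cert_jwk")
    protected = {"alg": alg, "nonce": nonce, "url": url}
    if account_url is not None:
        protected["kid"] = account_url  # server looks up the account's key
    else:
        protected["jwk"] = cert_jwk     # server matches it to the key in the cert
    payload = {"certificate": b64url(pem_to_der(cert_pem)), "reason": reason}
    p64 = b64url(json.dumps(protected, separators=(",", ":")).encode())
    d64 = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signature = sign(f"{p64}.{d64}".encode())
    return {"protected": p64, "payload": d64, "signature": b64url(signature)}
```

The returned object is sent as `application/jose+json` to the server's revokeCert URL. With `kid` the server authenticates the account, while with `jwk` it only checks that the signing key is the one in the certificate, which is why the PFX/P12 path needs no account data.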
With these two methods, we give users the tools they need to manage their S/MIME certificates. But be cautious: if you suspect that your private key has been compromised, do not hesitate to request another!