tencent cloud

SSL Certificates

Release Notes
Announcements
Notice on price adjustment of DigiCert and its affiliated brands'SSL certificates​
Price Change to DigiCert SSL Certificates
TrustAsia Root Certificate Update
Domain Validation Policy Update
SSL Certificate Service Console
Multi-Year SSL Certificate and Automatic Review
Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
Notice on Certificate Revocation Due to Private Key Compromises
Notice on Application Limits for DV SSL Certificates
Notice on Adjustment of Free SSL Certificates Policy
Let's Encrypt Root Certificate Expired on September 30, 2021
Product Introduction
Overview
Introduction to Tencent Cloud SSL Certificates
Strengths
Advantages of HTTPS
Browser Compatibility Test Report
Multi-Year SSL Certificate and Automatic Review Overview
SSL Certificate Security
Purchase Guide
Pricing
SSL Certificate Purchase Process
SSL Certificate Selection
Paid SSL Certificates Renewal
SSL Certificate Renewal Process
SSL Certificate Refund Process
Getting Started
Certificate Application
Information Submission Process for Paid SSL Certificates
Domain Ownership Validation
Domain Validation Method Selection
Automatic DNS Addition
DNS Validation
File Validation
Automatic DNS Validation
Automatic File Validation
Validation Result Troubleshooting Guide
Operation Guide
Domain Ownership Verification
Uploading Certificates
Secured Seal
CSR Management
Certificate Installation
Installing an SSL Certificate on a Tencent Cloud Service
Installation of International Standard Certificates
Selecting an Installation Type for an SSL Certificate
Certificate Management
Instructions on SSL Certificate Auto-Renewal
Certificate Hosting
Uploading (Hosting) an SSL Certificate
Reminding Reviewers to Review an SSL Certificate Application
Revoking an SSL Certificate
Deleting an SSL Certificate
Reissuing an SSL Certificate
Ignoring SSL Certificate Notifications
Customizing SSL Certificate Expiration Notifications
API Documentation
History
Introduction
API Category
Making API Requests
Certificate APIs
Certificate Renewal (Certificate ID Unchanged) APIs
CSR APIs
Data Types
Error Codes
Use Cases
Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
Apple ATS Server Configuration
Quickly Applying for a Free SSL Certificate via DNSPod
Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
Batch Applying for and Downloading Free Certificates Using Python-based API Calls
Profile Management
Adding Organization Profile
Adding Administrator
Adding Domain
Troubleshooting
Domain Validation Failed
Domain Security Review Failed
Website Inaccessible After an SSL Certificate is Deployed
404 Error After the SSL Certificate is Deployed on IIS
“Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
FAQs
SSL Certificate Selection
SSL Certificate Application
SSL Certificate Management
SSL Certificate Installation
SSL Certificate Region
SSL Certificate Review
SSL Certificate Taking Effect
SSL Certificate Billing and Purchase
SSL Certificate Validity Period
Related Agreement
SSL Service Level Agreement
Contact Us
Glossary
DocumentationSSL CertificatesCertificate ManagementRevoking an SSL Certificate

Revoking an SSL Certificate

PDF
Focus Mode
Font Size
Last updated: 2024-03-06 17:44:06

Overview

To facilitate the management of certificates that are no longer needed, Tencent Cloud provides the certificate revocation feature. You can apply for revocation of SSL certificates on Tencent Cloud. Generally, you may revoke SSL certificates in the following scenarios:
You do not need to continue using the issued certificates.
For security reasons, the issued certificates are no longer used.
Note:
If an issued certificate has not expired, you can delete it from the certificate list only after the certificate is revoked. A certificate that has not been revoked cannot be deleted.

Must-Knows

Certificate Type
Notes
All certificates
After the application for revoking an SSL certificate is submitted, the certificate cannot be downloaded or deployed. In addition, certificate revocation cannot be canceled. Therefore, exercise caution when revoking a certificate.
After the SSL certificate revocation application is submitted and approved, the SSL certificate is deregistered from the issuing authority. After the certificate is revoked, the encryption effect is lost and the browser does not trust the certificate any more.
You can use the SSL certificate revocation feature to revoke only certificates issued in Tencent Cloud but not any uploaded third-party certificates.
Non-WoTrus international standard certificates and DNSPod Chinese SM (SM2) certificates
You cannot revoke certificates that will expire within 30 days and are in the "to be renewed" status.
To revoke a reissued order, you need to revoke the original one, and the reissued order will be automatically revoked along with the original one.
You cannot revoke certificates issued before March 25, 2020 on your own. If you have such needs, contact us for assistance.

Prerequisites

You have logged in to the SSL Certificate Service console.

Directions

Note:
If the domain bound to the SSL certificate you apply for has expired and been deleted, and you need to revoke the certificate and perform related parsing operations, contact us for assistance.

Selecting the certificate to revoke

1. Go to the My Certificates page, select the target certificate, and click More > Revoke.
2. On the Certificate Revocation Request page, validate your certificate or submit the required information based on your certificate type. For more information, see Revoking different types of certificates.
Note:
After the certificate is revoked successfully, the certificate enters the revoked status. You can log in to the SSL Certificate Service console and delete the certificate from the Tencent Cloud system.

Revoking different types of certificates

Revoking DNSPod Chinese SM (SM2) DV and WoTrus certificates

1. On the Certificate Revocation Request page, enter the revocation reason in the Revocation Information area.
2. Click Next to complete the revocation application.
3. Reviewers manually review the revocation information. After the review is passed, the certificate will be formally revoked.

Revoking DNSPod GM (SM2) EV and OV certificates

1. On the Certificate Revocation Request page, enter the revocation reason in the Revocation Information area.
2. Click Next to upload the certificate revocation application.
3. Click Download application template and enter application information in the template.
4. Upload a photo or scan of the application stamped with the official seal.
5. Click Upload to upload the application and click Next.
Note:
The application file can be up to 1.4 MB in JPG, GIF, or PDF format.
After the application file is uploaded, it cannot be uploaded again. Make sure that the application file is uploaded correctly.
6. Reviewers manually review the revocation information. After the review is passed, the certificate will be formally revoked.

Revoking other DV certificates

1. On the Certificate Revocation Request page, click Next to submit an SSL certificate revocation application.
2. After submitting the SSL certificate revocation application, configure the verification information as instructed as soon as possible.
Note:
If your DV certificate is purchased from TrustAsia (2-year or 3-year wildcard domain) and you have configured automatic DNS or file validation for the domain you are applying for, ownership verification is not required.
If your certificate originally adopts the automatic DNS validation mode but now the conditions for automatic validation are not met, the manual DNS validation mode will be automatically adopted.
If the certificate adopts the DNS validation mode, add DNS records within three days; otherwise, the revocation will fail. The certificate will be revoked after the successful validation. For detailed directions, see DNS Validation.
If the certificate adopts the file validation mode, add file records within three days and make sure that the files can be accessed successfully; otherwise, the revocation will fail. The certificate will be revoked after the successful validation. For detailed directions, see File Validation.

Revoking OV/EV certificates of other brands

1. On the Certificate Revocation Request page, enter the revocation reason in the Revocation Information area.
2. Click Next to upload the certificate confirmation letter.
3. Click to download the confirmation letter template and enter information in the confirmation letter.
4. Upload a photo or scan of the confirmation letter stamped with the official seal.
5. Click Upload to upload the confirmation letter and click Next.
Note:
The confirmation letter file can be up to 1.4 MB in JPG, PNG, or PDF format.
If automatic DNS or file validation has been configured for the domain applied for, you do not need to upload the confirmation letter.
6. Reviewers manually review the revocation information. After the review is passed, the certificate will be formally revoked.
Previous Topic: Reminding Reviewers to Review an SSL Certificate ApplicationNext Topic: Deleting an SSL Certificate

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback