Certificate revocation status monitoring
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Certificate revocation status monitoring
Next-Gen Trust Security automatically checks the revocation status of non-expired, public (DNS-resolvable) certificates every six hours using Certificate Revocation Lists (CRLs). These checks apply only to leaf and intermediate certificates that are stored in the Certificates inventory.
Important: Root certificates cannot be revoked and are not included in revocation status monitoring.
Manually search a certificate's revocation information
You can manually search and review the current revocation status of a certificate in Next-Gen Trust Security.
- In the menu bar, go to Inventory > Certificates.
- In the Certificates list, click a certificate to view its details.You can also use filters to locate a specific certificate.
- Click Revocation to view revocation-related data.
Understanding certificate revocation information
The Revocation tab in the certificate details view shows information about the certificate’s revocation state as reported by the issuing CA. The following table describes the revocation data fields you might see:
| Field | Description |
|---|---|
| Revocation status | The current trust status of the certificate as reported by the issuing CA. Possible values: Valid (certificate is active and trusted), Revoked (certificate has been revoked), Unavailable (revocation status could not be verified, for example if the CA endpoint is unreachable). |
| Revocation date | The date and time when the certificate was officially revoked by the CA. |
| Revocation reason | The reason provided by the issuing CA for revoking the certificate (for example, Superseded). |