Revoke a Certificate

Various circumstances can invalidate a certificate before the expiration date. Some examples are a change of name, change of association between subject and certificate authority (for example, an employee terminates employment), and compromise (known or suspected) of the private key. Under such circumstances, the certificate authority (CA) that issued the certificate must revoke it. The following task describes how to revoke a certificate for which the firewall is the CA.
  1. Select DeviceCertificate ManagementCertificatesDevice Certificates.
  2. If the firewall supports multiple virtual systems, the tab displays a Location drop-down. Select the virtual system to which the certificate belongs.
  3. Select the certificate to revoke.
  4. Click Revoke. PAN-OS immediately sets the status of the certificate to revoked and adds the serial number to the Online Certificate Status Protocol (OCSP) responder cache or certificate revocation list (CRL). You need not perform a commit.

Related Documentation