Revocation of SSL Certificate

Feb 19, 2024

Revocation of SSL Certificate

  

How to Revoke Your GlobalSign SSL Certificate

Article Purpose:

This article provides step-by-step instructions on how to revoke a GlobalSign SSL Certificate in your GlobalSign Certificate Center (GCC) account. 

IMPORTANT: Before you proceed with the revocation, you will need to reissue first so you don't have to order your Certificate again. 

Step-by-Step Guidelines

  1. Log into the GlobalSign Certificate Center (GCC).
  2. The process is slightly different depending on which of the navigation tabs you are using (SSL CERTIFICATES or MANAGED SSL).
    image_3.png
  3. When using the SSL CERTIFICATES tab:

    a. Click Search Order History in the left navigation area and press EDIT to view details.

    b. Press the Revoke Certificate button at the top (or bottom) of the page.



    c. If you are permitted to revoke the Certificate, then you will be prompted for the reason. For more information and guidance on selecting revocation reasons please see this support article



    d. If you are not permitted to revoke the Certificate, you will see guidance on how to request revocation. You may request revocation by sending an email to report-abuse@globalsign.com or opening a case using this page and our support team will work with you to validate your request and revoke the requested Certificate(s).
  4. When using the MANAGED SSL tab:

    a. Click on the "Find & report on Certificates" button.


     

    b. Locate the Certificate and click the Revoke button.



    c. Select revocation reason and submit. For more information and guidance on selecting revocation reasons please see this support article.
    Note: For Partners/Resellers, the only available option for the reason for revocation is "unspecified".
    The rest of the options as shown below, will be available come March 2023. 


Important Note: Revoking an SSL Certificate will invalidate the Certificate. This is not the same as getting a refund from cancelling an order. The Revoke Certificate option will be available throughout the validity period of the Certificate unlike a cancellation request.

Revocation FAQs

What is revocation?

Certificate revocation is the process of permanently removing trust in a certificate. This can be done by adding the certificate to a Certificate Revocation List (CRL) or using a Online Certificate Status Protocol (OCSP).  

CRLs are binary files that contain the serial numbers of revoked certificates and in some cases a revocation reason. Each time a revocation check is performed, the client applications needs the CRL from the Issuing CA.  In some cases this may be cached from recent checks, but generally the CRL must be downloaded in full and searched. Over time, the CRLs grow as the number of certificates are revoked and this results in large CRLs and increased latency during the TLS handshake. OCSP addresses some of the performance and scalability issues inherent to CRLs. Instead of having to download a full revocation list each time, the OCSP server can be queried like a database for a specific certificate entry. The OCSP response is signed by the CA and contains a status for the certificate.

Revocation can happen for a variety of reasons, such as a private key being compromised, a change of information in the certificate, a certificate being mis-used by a malicious party or simply that the certificate is no longer required.

Because trust is removed upon revocation, any negative impact of relying on the certificate is reduced. Because this is a permanent action that protects relying parties, Certificate Authorities (CAs) like GlobalSign must ensure that revocations are properly authorized and happen swiftly. GlobalSign therefore has 24/7 revocation capabilities.

Who can request revocation?

The Subscriber or the Subject (the entity or individual named in a certificate), the Partner/Reseller, the Registration Authority (RA) or the Certificate Authority (CA) can initiate revocation. This means that if the revocation is requested and authorized by these parties, the revocation is guaranteed to be performed.

Other third parties may request revocation, for example if they have proof that the private key is compromised, or that the certificate has been used for malicious purposes. These revocation requests are subject to review by the CA. 

How to request revocation?

Any Subscriber or Subject who have access to their own account with GlobalSign, can request revocation anytime via their account. This is simple and almost instantaneous. For SSL, please see the following guide:

Subscribers or Subjects that don’t have access to their own account, as well as any other third party who believes there is a reasonable cause to revoke a certificate, can contact GlobalSign using this form for any type of revocation request: https://www.globalsign.com/en/report-abuse. Please provide as much information as possible, to ensure that our team can review the request quickly.

Particularly useful is any information that allows us to identify the reported certificate, and any evidence of mis-use or key compromise. GlobalSign maintains 24/7 capabilities to review these requests within 24 hours. Depending on the reason for the request, we may contact you to obtain additional information. For example, if you contact us to request the revocation of one of your own certificates, we may request additional proof that you are indeed the Subscriber or Subject. If you contact us about a possible compromised key, we will request evidence that the key has in fact been compromised. 

Also, for compromised key, you will need to reissue first before revoking so you don't have to order your Certificate again. 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support