Menu

TLS Certificate Revocation Reasons

May 8, 2023

TLS Certificate Revocation Reasons

This support article provides guidance for GlobalSign TLS certificate subscribers on the use of the permitted certificate revocation reasons

In compliance with the Mozilla policy on TLS Certificate Revocation, TLS Certificates may be revoked ONLY for one of the following reasons:

  • unspecified (RFC 5280 CRLReason #0)
  • keyCompromise (RFC 5280 CRLReason #1)
  • affiliationChanged (RFC 5280 CRLReason #3)
  • superseded (RFC 5280 CRLReason #4)
  • cessationOfOperation (RFC 5280 CRLReason #5)
  • privilegeWithdrawn (RFC 5280 CRLReason #9) - Note: This reason code can only be used by CA initiated revocations.

 

Subscriber Revocation Reason Options

  • unspecified (RFC 5280 CRLReason #0)
    • When the reason codes below do not apply to the revocation request, the subscriber can opt to not provide a reason in which case GlobalSign will record the reason as "unspecified".  This is the default value when no reason is supplied.
  • keyCompromise (RFC 5280 CRLReason #1)
    • The certificate subscriber must choose the "keyCompromise" revocation reason when they have reason to believe that the private key of their certificate has been compromised.
  • affiliationChanged (RFC 5280 CRLReason #3)
    • The certificate subscriber should choose the "affiliationChanged" revocation reason when their organization's name or other organizational information in the certificate has changed.
    • This option does not apply to DV certificates that do not include any Subject Identity information.
  • superseded (RFC 5280 CRLReason #4)
    • The certificate subscriber should choose the "superseded" revocation reason when they request a new certificate to replace their existing certificate.  Note that the certificate will be immediately revoked so this option should only be used once the new certificate has been installed on all applicable servers.
  • cessationOfOperation (RFC 5280 CRLReason #5)
    • The certificate subscriber should choose the "cessationOfOperation" revocation reason when they no longer own all of the domain names in the certificate or when they will no longer be using the certificate because they are discontinuing their website.

How to request revocation

GlobalSign Certificate Center (GCC) customers should follow the process on this page: https://support.globalsign.com/ssl/ssl-certificates-life-cycle/revocation-certificate

Our Atlas customers can perform revocation via the Atlas APIs.  Please download the latest GlobalSign Atlas Certificate Management API Guide for more details.

Anyone can request revocation by sending an email to report-abuse@globalsign.com or opening a case using this page and our support team will work with you to validate your request and revoke the requested certificate(s)

Related Articles

DomainSSL Overview

Feb 28, 2020, 7:27 AM

An Overview of DomainSSL As one of the most popular SSL Certificates on the web, DomainSSL is one of the fastest and most affordable ways to activate strong SSL protection for your website. DomainSSL is fully automated which means you'll be able to start protecting your ecommerce, logins, webmail and more in just a few minutes, 24/7. keywords: domain ssl overview, domain ssl certificates, dv ssl certificates, dvssl, dv, ssl, domain overview

Read More

OrganizationSSL Overview

Mar 2, 2020, 7:38 AM

High assurance OrganizationSSL Certificates provide instant identity confirmation and strong SSL protection for your website. Your customers see that GlobalSign has authenticated your identity - strengthening their trust that they're doing business with the right people.

Read More

Enhanced Certificate Details Overview

Aug 26, 2013, 12:35 PM

This section of the application is one of the most critical parts, as incorrectly entered details will require the application to be re-submitted and possibly re-signed by the certificate requestor if inaccuracies are discovered at a later stage.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support

Contact Us
close
Sales: 1-877-775-4562
Support: 1-877-775-4562
E-Mail: sales-us@globalsign.com