PreviousNextUp[Front page] [Index]

Viewing Certificates

To view a certificate, first search the certificate from the Database with the normal search function. See Section Database Search Options.

To view a CA certificate, click View Certificate on the CA Hierarchy or Certification Authority page.


gui-certificate-17.gif
Figure : The Certificate page

On the Certificate page, you can Revoke or Suspend the certificate by clicking the appropriate button at the bottom of the page. If the certificate is already suspended (it is in hold status) the Suspend button is replaced with the Reactivate button that can be used to reactivate the certificate.

Suspension and reactivation take place immediately after you click the button (but there will be a delay, depending on the CA settings, before the information will appear in the CRL).

If you select to Revoke the certificate, you will be asked for confirmation. On the Revoke Certificate page, you can give a Reason Code for the revocation (as per RFC 3280), adjust the Invalidity Date, and add a Comment to the revocation. The comment is visible in SSH Tectia Certifier only. The revocation codes and the invalidity date (only if its value is changed) are stored in the CRL. The following reason codes can be used:

  • No reason code
  • Key compromise
  • CA compromise
  • Affiliation changed
  • Superseded
  • Cessation of operation
  • Privilege withdrawn

It is also possible to revoke (but not suspend) several certificates at the same time. See Section Search Results for more information. Revocation reason codes cannot be used in mass revocations.

After suspension or revocation, the revocation information is included in the next published CRL (it is immediately available for OCSP). After that the certificate cannot be used any longer by the PKI client applications.

The only difference between suspension and revocation is that a revocation cannot be reversed. If a suspended certificate is reactivated, the suspension information will be removed from the next published CRL.

In addition to revocation, you can choose to Re-publish or reissue the certificate by clicking the appropriate button on this page. Clicking the Reissue Certificate button opens the request processing page with preset values from the certificate. See Section Processing Requests.

Viewing and Exporting Private Keys


PreviousNextUp[Front page] [Index]