Digital Certificates are an integral part of a Public Key Infrastructure (PKI) and cybersecurity as a whole. The certificates can encrypt communications and authenticate the identity of users and machines. In some instances, however, a certificate needs to be removed, such as when the user leaves the organization. These issues can be solved by revoking the certificates before the end of the validity period.
Revoking the Certificates is disabling the SSL/TLS certificate before the certificate’s expiry date. One of the main reasons you would revoke a certificate is due to the user departing the company – you wouldn’t want them to have access to valuable resources once they’re no longer part of the organization. Revoked certificates are stored in the Certificate Revocation List (CRL). The Certificate Revocation List contains the serial numbers of revoked certificates and their revocation times.
Prerequisites:
Our JoinNow Connector PKI is much faster than AD CS in finding and revoking certificates, which is why we’ll be referencing it more below. Here is what else you’ll need to revoke certificates in AD CS:
- Windows Active Directory Certificates Services
- Revoking the Certificates in Windows Active Directory
- JoinNow Connector PKI
- Optional: JoinNow MultiOS for certificate distribution
What is Windows (AD CS)?
Windows Active Directory Certificate Services is commonly known as Windows (AD CS). It was introduced in the 2008 version of Windows Server. The server role helps create and organize the Public Key Infrastructure (PKI) and is used for file encryption, digital signatures, messages, and emails.
Steps for Revoking Certificates in Active Directory:
There are a few initial steps you need to take to revoke the certificates in Active Directory:
- Go to the start menu, then click the Administrative tools option.
- In the Administrative tools, select the Certificate Authority.
Source: https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
- After that, Expand Certificate Authority (CA) and choose the Issued Certificate Folder.
Source: https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
- After selecting the Issued Certificate folder, you can see a list of issued and valid certificates on the right side panel which contains different columns: Request ID, Requester Name, Binary Certificate, Certificate Template, and Serial Number.
Source: https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
- Select the specific certificate, right-click on the certificate, select All Tasks and click the Revoke Certificate Icon.
Source: https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
- Enter the reason code and timestamp. Then click Yes.
- The Certificate Authority will process the certificate immediately into the revoked list.
Source: https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
JoinNow Connector MultiOS Certificate Distribution
Our SecureW2 JoinNow MultiOS is a world-renowned onboarding service that uses digital certificates to secure the WLAN and enable certificate-based EAP-TLS.
With JoinNow MultiOS, the certificate deployment process can be made simple by automatically handling the whole enrollment process for BYOD/unmanaged devices. Once configured, the certificate will be connected to the required WLAN/LAN or VPN.
Revoking the Certificate in JoinNow Connector PKI:
Compared to AD CS, the certificate revocation process is very straightforward with SecureW2’s JoinNow Connector PKI. Searching for individual certificates in our management portal is simple – a feature that is significantly more complex with AD CS.
Our management portal allows admins to easily revoke certificates before the expiry date for various circumstances, such as the employee changing roles (and therefore needing different authorization) or the employee leaving the organization entirely.
Once a certificate is revoked, the user or device isn’t trusted by your network. Only users and machines with valid, unrevoked certificates can be authenticated.
Steps for Revoking the Certificate by using the JoinNow Connector PKI Certificate Management Portal:
There are a few simple steps to be followed for revoking any certificate.
- Select the Device Onboarding option.
- After selecting the option, click the Devices option. You will find a list of JoinNow Device certificates on the right side.
- On the Right Side, click any of the “JoinNow Devices.”
- The device pane is displayed.
- In the Device panel, use the search filter to find the specific certificate you wish to revoke.
- Under the Devices option, click the device link. The basic information will appear.
- Under the Issued Certificate, Click the Revoke button.
- The certificate gets revoked a few minutes later.
Why is SecureW2 JoinNow Connector PKI Better than Windows Active Directory for revoking the Certificate?
SecureW2’s JoinNow Connector PKI has vastly improved certificate searchability compared with AD CS. We empower admins to search for individual user and machine certificates easily and quickly.
In Windows AD CS, however, admins cannot find an individual certificate quickly in a massive number of files. As a result, the searching process is slower, decreasing the admin’s productivity and needlessly taking up their time.
The SecureW2 JoinNow Connector PKI can make the entire revoking process easy and cost-effective. What’s more, it can search and revocate more certificates in short order. You can check our pricing here for the full suite of our certificate and authentication services.
