Revocation is the process that makes a certificate invalid. Revoked certificates are listed in the Certificate Revocation List (CRL), and the CRL is published by the CA as per the corresponding CP/CPS (Certificate Policies CP/Certificate Practice Statements).
When an encryption certificate is revoked, it is extremely important that you store the corresponding private key. You will still need this key to decrypt data that was encrypted using the old (revoked) certificate. When a signing certificate is revoked, you can safely delete the private key, because you can no longer use it to create valid signatures.
No, revoked certificates or certificates declared invalid also remain on the Certificate Revocation List (CRL) after the expiry date indicated in the certificate. The reason is that for the validation of the signature it is important to know when a certificate was revoked.
Basically the end customer or partner has no entitlement to reimbursement or credit according to §3.1 and §3.2 of the general terms and conditions. In all cases it is therefore always a concession on the part of SwissSign.
However we have seen that customers are very satisfied with their SwissSign certificates and currently act according to the following goodwill regulations: within 30 days of issue, every customer has the choice of a refund or a 100% voucher at the amount of the purchased and revoked (withdrawn) certificate.
After 30 days the customer receives a voucher for the remaining period of validity of the certificate in question in the event of revocation.
Of course, this does not affect the warranty obligation of SwissSign regarding advice and the issuing of certificates.
Reasons for revoking a certificate or declaring it invalid:
Both the certificate holder and also the CA can revoke a certificate. With e-mail certificates with organization entry the corresponding organization can also request the revocation. CA/SwissSign puts revoked certificates (serial number) on the corresponding Certificate Revocation List (CRL) which is publicly accessible and referenced in all SwissSign certificates.
You can revoke SwissSign certificates in three ways:
Technical terms and contract terms
A certificate includes a specific period of validity (technical term). For the Managed PKI service, this is independent of the commercial contract term (performance period). During the performance period, certificates can thus be issued with a validity which goes well beyond the end of the performance period. The contract is unlimited in duration and may be terminated subject to a notice period of three months to the end of the one-year service period.
Revocation and re-issue
A certificate revocation (withdrawal) followed by a subsequent re-issue (e.g. employee change) only constitutes the acquisition of a single certificate.
Revocation – contract termination
At the end of the contract, those certificates which are still valid are withdrawn – either by you yourself or our Support team. Please contact us in this regard by sending an e-mail to email@example.com or calling +41 848 77 66 55.
Since 1 April 2015, CAs have no longer been able to issue 5-year SSL certificates. If, after this period, the customer uses certificate licences which were purchased before, we are obliged to withdraw these licences. Affected customers can have their certificate reimbursed by us or receive a 3-year certificate and a voucher to purchase another certificate. Please contact our support team here.