What does revocation mean?

Revocation is the process of declaring a certificate invalid. Revoked certificates are listed on Certificate Revocation Lists (CRLs), which the CA publishes periodically. A revocation is also visible, directly after the certificate has been blocked, via the Online Certificate Status Protocol (OCSP). CRLs and OCSP are publicly available, but only the revoked certificate’s serial number is published.
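The CRL lookup described above, as an added example that is not part of the original page: it signs a small CRL with a throwaway CA key and then checks serial numbers against it. It assumes the Python `cryptography` package; the CA name and both serial numbers are constructed sample values.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

REVOKED_SERIAL = 0x1A2B3C  # constructed sample serial number
VALID_SERIAL = 0x4D5E6F    # constructed sample serial number


def build_sample_crl():
    """Create a throwaway CA key and sign a CRL that lists one revoked serial."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    now = datetime.datetime(2024, 1, 1, 12, 0, 0)
    entry = (
        x509.RevokedCertificateBuilder()
        .serial_number(REVOKED_SERIAL)
        .revocation_date(now)
        .build()
    )
    crl = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer)
        .last_update(now)
        .next_update(now + datetime.timedelta(days=7))
        .add_revoked_certificate(entry)
        .sign(ca_key, hashes.SHA256())
    )
    return crl, ca_key.public_key()


def is_revoked(crl, ca_public_key, serial):
    """Return True if the serial is on the CRL; reject a CRL the CA did not sign."""
    if not crl.is_signature_valid(ca_public_key):
        raise ValueError("CRL signature does not verify against the CA key")
    return crl.get_revoked_certificate_by_serial_number(serial) is not None


def listed_serials(crl):
    """Entries identify certificates by serial number (plus a revocation date),
    not by subject name."""
    return [entry.serial_number for entry in crl]
```

A relying party should also compare the CRL's next-update time with the current time, because a CRL is only published periodically and an outdated copy can miss recent revocations.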


When an encryption certificate is revoked, it’s very important that you keep the private key. You will still need it to decrypt data you encrypted using this old or revoked certificate. When a signature certificate is revoked, you can delete the private key, as you will no longer be able to use it for a valid digital signature.