What does revocation mean?

Revocation is the process that makes a certificate invalid. Revoked certificates are listed in the Certificate Revocation List (CRL), and the CRL is published by the CA as per the corresponding CP/CPS (Certificate Policies CP/Certificate Practice Statements).


When an encryption certificate is revoked, it is extremely important that you store the corresponding private key. You will still need this key to decrypt data that was encrypted using the old (revoked) certificate. When a signing certificate is revoked, you can safely delete the private key, because you can no longer use it to create valid signatures.