You are located in service: Certificates

Revoke a Certificate

Revoke a Certificate


When does a Certificate need to be revoked:

  • Server Certificate
    • you have implemented a new Certificate e.g. new HW
    • the server is no longer in use
    • the server has been compromised
  • User Certificate
    • your personal data, included in the certificate, is no longer valid/applicable
    • your private RSA key or your password to the file containing it has been compromised

    • you are no longer authorised to use the certificate


You can request that the registration authority revokes your certificate. This is done on the DFN-PKI Webpage and you need to enter the revocation PIN, specified at certificate application. If you have misplaced the PIN, contact the RWTH registration authority under 

We used Firefox to show an example of how to apply for a user certificate revocation.
Zertifikat sperren 1

Go to the DFN-PKI webpage.

Choose "Zertifikate" and then "Zertifikat sperren".

These pages are not available in english.

Zertifikat sperren 2

How to find out what the serial number of your certificate is

  • check out the e-mail you received when the certificate was issued to you
  • check out your Windows or e-mail application's certificate store
  • use OpenSSL (openssl x509 -in certificate.pem -text -noout)

Zertifikat sperren 3

Enter your revocation PIN.

Zertifikat sperren 4Your certificate revocation request has been sent to the registration authority and awaits approval.
Zertifikat sperren 5Your certificate has been revoked, this is the confirmation e-mail.

last changed on 01/29/2021

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License