When does a user certificate need to be revoked?

• Your personal data, as included in the certificate, is no longer valid/applicable.
• Your private RSA key (i.e. your .p12-file) or your password to the file containing it has been compromised.
• You are no longer authorised to use the certificate (e.g. you are not allowed to use the email address anymore).

Old DFN-PKI certificates are not displayed in the RA-Portal and need to be revoked through a separate request at the DFN-PKI Webpage.

You can revoke your GÉANT/TCS user certificates in the RA-Portal. Please select the round, red "Widerrufen" symbol next to the client certificate which you want to revoke.

Next, you need to confirm the revocation with "Ja". You will then be taken to a confirmation dialogue and receive a confirmation of the revocation by email. The revocation is not revocable.

Revoked certificates will still be displayed in the RA-Portal as following:

• Set the dropdown display filter to "Abgelehnte, abgelaufene, widerrufene"
• and press "Zertifikate Filtern"

You recognise the revoked user certificates by the large red "forbidden" icon next to it.

If you require a new user certificate for the email address, you can apply for a new client certificate via the RA-Portal. It is not possible to continue using a certificate that has been revoked.