When does a user certificate need to be revoked?

• Your personal data, as included in the certificate, is no longer valid/applicable.
• Your private RSA key (i.e. your .p12-file) or your password to the file containing it has been compromised.
• You are no longer authorised to use the certificate (e.g. you are not allowed to use the email address anymore).

Old DFN-PKI certificates are not displayed in the RA-Portal and need to be revoked through a separate request at the DFN-PKI Webpage.

You can revoke your user certificates in the RA-Portal:

• in case of client certificates issued by Sectigo, revocation takes place within the following 7 working days due to contract termination.
• in case of client certificates issued by Harica, revocation takes place immediately.

Please select the "Widerrufen" button next to the client certificate you wish to revoke.

Next, you need to confirm the revocation with "Ja". You will receive a confirmation, of the revocation, by email as soon as the revocation is completed. The revocation can not be reversed.

Revoked certificates will still be displayed in the RA-Portal as following:

• Set the dropdown display filter to "Abgelehnte, abgelaufene, widerrufene"
• and press "Zertifikate Filtern"

You recognise the revoked user certificates by the large red "forbidden" icon next to it.

If you require a new user certificate for your email address, you can apply for a new client certificate via the RA-Portal. It is not possible to continue using a certificate that has been revoked.