Revoking a rotated root certificate
By default, a rotated root certificate is still valid and can be used for establishing trust until it expires. You can revoke it once it is no longer needed.
Revoking a rotated root certificate has the following effects:
- The root certificate is marked as revoked and included in the Grid's certificate revocation list.
- Any client certificate issued by that root certificate is marked as revoked and added to the Grid's certificate revocation list.
- HTTPS certificates issued by that root certificate are renewed and issued by a valid root certificate.
- Server certificates issued by the revoked root certificate are automatically rotated.
Note: The current root certificate cannot be revoked. If the current root certificate is compromised, you must first rotate the root certificate to get a new current root certificate. After rotation, revoke the previous root certificate, which will then be listed among the rotated root certificates.