
Revoke a Certificate Using certutil

This assumes HYPR Passwordless and Windows AD CS are installed and configured and a certificate has been issued.

When a user deregisters a mobile device, a security key, or a smart card, the certificate might need to be revoked manually.

Instructions

  1. To revoke a certificate with the certutil command, open a Command Prompt as an administrator on the Windows CA server or on Windows Server 2012 and above.

  2. Run the following command using this format:

    certutil [options] -revoke serialnumber [reason]

    For example:

    certutil -config "MachineName\CAName" -revoke certificateSerialNumber revocationReason


Get Serial

Smart card serial numbers can be found in the HYPR Passwordless logs or AD CS CA.
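
A PowerShell wrapper around the command in step 2, as an added example that is not HYPR's or Microsoft's own code: it cleans up a serial number copied from logs or the CA console, maps a reason name to certutil's numeric reason code, and can publish a new CRL afterwards. The function name, the CA config string and the serial number are constructed for illustration.

```powershell
# Added example. Function name, CA config string and serial are constructed placeholders.
function Revoke-IssuedCertificate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CAConfig,      # "MachineName\CAName"
        [Parameter(Mandatory)][string]$SerialNumber,  # hex, as copied from logs or the CA
        [ValidateSet('Unspecified','KeyCompromise','CACompromise','AffiliationChanged',
                     'Superseded','CessationOfOperation','CertificateHold')]
        [string]$Reason = 'Unspecified',              # certutil's own default reason
        [switch]$PublishCrl
    )
    # Numeric reason codes accepted by certutil -revoke
    $reasonCodes = @{
        Unspecified = 0; KeyCompromise = 1; CACompromise = 2; AffiliationChanged = 3
        Superseded = 4; CessationOfOperation = 5; CertificateHold = 6
    }
    # Serials are often copied with spaces or colons between bytes; keep hex digits only
    $serial = ($SerialNumber -replace '[\s:]', '').ToLowerInvariant()
    if ($serial -notmatch '^[0-9a-f]+$') {
        throw "Serial number '$SerialNumber' is not a hexadecimal string."
    }
    # Exactly one backslash separates the machine name from the CA name
    if ($CAConfig -notmatch '^[^\\]+\\[^\\]+$') {
        throw "CA config must look like MachineName\CAName."
    }
    if ($PSCmdlet.ShouldProcess("$serial on $CAConfig", "Revoke ($Reason)")) {
        & certutil.exe -config $CAConfig -revoke $serial $reasonCodes[$Reason]
        if ($LASTEXITCODE -ne 0) { throw "certutil -revoke failed with exit code $LASTEXITCODE." }
        if ($PublishCrl) {
            # Relying parties only learn of the revocation from a newly published CRL
            & certutil.exe -config $CAConfig -CRL
            if ($LASTEXITCODE -ne 0) { throw "certutil -CRL failed with exit code $LASTEXITCODE." }
        }
    }
}

# Constructed values; -WhatIf reports the action without contacting the CA
Revoke-IssuedCertificate -CAConfig 'CA01\Example-Issuing-CA' `
    -SerialNumber '61 00 00 00 1f 2a 3b 4c 5d 6e' -Reason CessationOfOperation -WhatIf
```

Run it from an elevated PowerShell session on the CA server; drop `-WhatIf` and add `-PublishCrl` to revoke and publish in one step.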