Revoke a Certificate Using certutil
This assumes HYPR Passwordless and Windows AD CS are installed and configured and a certificate has been issued.
When a user deregisters either a mobile device, a security key or a smart-card, a manual revocation of the certificate might be needed.
Instructions
-
To revoke a certificate using the
certutil
command, launch the command prompt as an admin from Windows CA server or Windows Server 2012 and above. -
Run the following command using this format:
certutil [options] -revoke serialnumber [reason]
For example:
certutil -config "MachineName\\CAName" -revoke certificateSerialNumber revocationReason
Get Serial
Smart card serial numbers can be found in the HYPR Passwordless logs or AD CS CA.