Revoking Client Certificates

After a client authenticates, you can revoke its certificate if you have any reason to doubt its validity. When you do, that client is no longer authenticated for trusted communication. It is removed from the console and a revocation list is updated and collected by all relays, so that the client's key can no longer be used to communicate with authenticating relays.

To revoke a computer:

  1. Right-click a computer in any list of computers.
    This window displays a pop-up menu where the Revoke Certificate option is selected.
  2. From the pop-up menu, click Revoke Certificate.
  3. From the confirmation dialog click OK if you are sure you want to remove the computer certificate.

This sends revocations down to the relays. After revoked, that client can no longer use its private key to gather content from the authenticating relays. The revoked client disappears from the computer list in the console.