Revoke Certificate page configuration

The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains the Revoke Certificate page. As an administrator, use this page to view and revoke user certificates.

Prerequisites

A realm for the Revoke Certificate page with the following tabs configured before setting up the Post Authentication tab:

  • Overview

  • Data

  • Workflow

  • Multi-Factor Methods

Identity Platform configuration

  1. Go to the Data tab.

  2. In the Membership Connection Settings section, set the following in the Group Permissions subsection to restrict this realm to administrators only.

    User Group Check Type

    Set to Allow Access.

    User Groups

    Enter the group name to which administrators belong. For example, Admins.

    Groups Field

    The groups field in the data store directory containing the group information for each user.

  3. Save your changes.

  4. Go to the Post Authentication tab.

  5. In the Post Authentication section, set the following.

    Authenticated User Redirect

    Set to Revoke Certificate.

    Redirect To

    This field is autopopulated with the post authentication .aspx page. This is appended to the domain name and realm number in the web address bar. For example, Authorized/RevokeCert.aspx.

  6. Save your changes.

Troubleshooting

In some situations, IIS caches the CRL and does not automatically retrieve the latest CRL for revocation checks. This can happen in realms that use the ActiveX plugin from SecureAuth to validate certificates or in realms that validate Java certificates.

To force IIS to check for the updated CRL, run the following command as an administrator:

certutil -setreg chain\ChainCacheResyncFiletime @now
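
The following PowerShell script is an added example, not SecureAuth code: it runs the resync command above and then checks that Windows reports a given certificate as revoked. The `$CertPath` parameter is an assumption (an exported copy of the certificate you revoked), and the script assumes an elevated PowerShell 5 or later prompt on the IIS server.

```powershell
# Added example (not SecureAuth code). Run from an elevated PowerShell prompt.
param(
    # Assumption: path to an exported copy (.cer) of the revoked certificate.
    [Parameter(Mandatory)] [string] $CertPath
)

# Quote '@now': unquoted, PowerShell parses @now as splatting of $now and
# certutil never receives the argument.
certutil -setreg chain\ChainCacheResyncFiletime '@now'
if ($LASTEXITCODE -ne 0) { throw 'certutil -setreg failed; is this prompt elevated?' }

# Read the value back so the resync time can be recorded.
certutil -getreg chain\ChainCacheResyncFiletime

# Build the chain with online revocation checking for every element.
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
             (Resolve-Path -LiteralPath $CertPath).Path)
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$null = $chain.Build($cert)

# Report each chain status; Revoked is the one expected after revocation.
$revoked = $false
foreach ($s in $chain.ChainStatus) {
    Write-Output ("{0}: {1}" -f $s.Status, $s.StatusInformation.Trim())
    if ($s.Status -band [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::Revoked) {
        $revoked = $true
    }
}

if ($revoked) {
    Write-Output "OK: $($cert.Thumbprint) is reported as revoked."
} else {
    Write-Warning "$($cert.Thumbprint) is not reported as revoked; check that the CRL has been published and is reachable."
}
```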