000027484 - Why do certificates that have passed their validity period still show as active in RCM?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027484
Applies To: RSA Certificate Manager 6.7
RSA Certificate Manager 6.8
RSA Certificate Manager (RCM)
Issue: Why do certificates that have passed their validity period still show as active in RCM?
Certificates that have passed their validity period still stay as "active" rather than becoming inactive or getting suspended.

Even though the certificate has expired, it is still considered active and can be renewed by RCM depending on your configuration.


Here is information on certificate status:


An end-entity certificate has one of three statuses:


Active. The normal status for a certificate. Newly issued certificates are active, meaning they may be used to perform the functions for which they were issued.


Suspended. Makes a certificate temporarily invalid. Certificate suspension is like a temporary revocation. An end-entity who presents a suspended certificate is denied the PKI privileges the certificate would normally allow. For example, you can issue certificates to customers to access your web site. You can suspend the certificates of any customers with overdue accounts. You can then reinstate those certificates, after payment is made.


Revoked. Makes the certificate permanently invalid. If a certificate is revoked, the end-entity presenting the certificate is denied PKI privileges the certificate would normally allow. The nature of PKIs makes certificate revocation necessary. When a certificate is issued, an expiration period is embedded into the certificate. However, if the CA wants to retract the certificate before it expires, the certificate cannot be physically recalled. The concept of revoking a certificate was developed to handle this problem.


You can change the status of an end-entity certificate in the following ways:


Suspending. Changes the status from active to suspended and removes rights and privileges.


Reinstating. Changes the status from suspended to active, and returns the rights and privileges removed during suspension.


Revoking. Changes the status from active or suspended to revoked, and permanently removes all rights and privileges, but leaves the certificate in the database.


Deleting. Removes the certificate completely from the database. However, the deleted certificate may still exist in other installations, and be used by applications. It is best, therefore, to revoke certificates. Use the deletion feature only if the certificate has never been used (for example, if it has been issued for test purposes only).
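
The point above, that status and validity period are tracked separately, shown as an added example (not RSA code and not an RCM API): it models the three status changes listed and reports certificates that are still active although their validity period has ended. The record fields, function names and sample inventory are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Status changes the article lists: action -> (allowed current statuses, new status).
TRANSITIONS = {
    "suspend":   ({"active"}, "suspended"),
    "reinstate": ({"suspended"}, "active"),
    "revoke":    ({"active", "suspended"}, "revoked"),
}

def apply_action(status, action):
    """Return the new status, or raise if the listed rules do not allow the change."""
    allowed, new_status = TRANSITIONS[action]
    if status not in allowed:
        raise ValueError(f"cannot {action} a certificate that is {status}")
    return new_status

def is_usable(status, not_before, not_after, now):
    """A relying party needs both: status active AND now inside the validity period."""
    return status == "active" and not_before <= now <= not_after

def active_but_expired(inventory, now):
    """Serials whose status is still active although the validity period has ended."""
    return [c["serial"] for c in inventory
            if c["status"] == "active" and c["not_after"] < now]

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample inventory (hypothetical records, not exported from a real CA).
INVENTORY = [
    {"serial": "01", "status": "active",    "not_before": utc(2015, 1, 1), "not_after": utc(2016, 1, 1)},
    {"serial": "02", "status": "active",    "not_before": utc(2016, 1, 1), "not_after": utc(2018, 1, 1)},
    {"serial": "03", "status": "suspended", "not_before": utc(2016, 1, 1), "not_after": utc(2018, 1, 1)},
    {"serial": "04", "status": "revoked",   "not_before": utc(2014, 1, 1), "not_after": utc(2015, 1, 1)},
]

if __name__ == "__main__":
    now = utc(2017, 4, 21)
    print("active but expired:", active_but_expired(INVENTORY, now))
    for c in INVENTORY:
        usable = is_usable(c["status"], c["not_before"], c["not_after"], now)
        print(c["serial"], c["status"], "usable:", usable)
```

Certificates reported by `active_but_expired` are candidates for review: renew them if they are still needed, or revoke them if they are not.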


Legacy Article ID: a55416