RSA Certificate Manager 6.8
RSA Certificate Manager (RCM)
Certificates that have passed their validity period still stay as ?active? rather than become in-active or get suspended.
Even though the certificate has expired, it is still considered active and can be renewed by RCM depending on your configuration.
Here is information on certificate status:
******
An end-entity certificate has one of three statuses:
Active. The normal status for a certificate. Newly issued certificates are active, meaning they may be used to perform the functions for which they were issued.
Suspended. Makes a certificate temporarily invalid. Certificate suspension is like a temporary revocation. An end-entity who presents a suspended certificate is denied the PKI privileges the certificate would normally allow. For example, you can issue certificates to customers to access your web site. You can suspend the certificates of any customers with overdue accounts. You can then reinstate those certificates, after payment is made.
Revoked. Makes the certificate permanently invalid. If a certificate is revoked, the end-entity presenting the certificate is denied PKI privileges the certificate would normally allow. The nature of PKIs makes certificate revocation necessary. When a certificate is
issued, an expiration period is embedded into the certificate. However, if the CA wants to retract the certificate before it expires, the certificate cannot be physically recalled. The concept of revoking a certificate was developed to handle this problem.
You can change the status of an end-entity certificate in the following ways:
Suspending. Changes the status from active to suspended and removes rights and privileges.
Reinstating. Changes the status from suspended to active, and returns the rights and privileges removed during suspension.
Revoking. Changes the status from active or suspended to revoked, and permanently removes all rights and privileges, but leaves the certificate in the database.
Deleting. Removes the certificate completely from the database. However, the deleted certificate may still exist in other installations, and be used by applications. It is best, therefore, to revoke certificates. Use the deletion feature only if the certificate has never been used (for example, if it has been issued for test purposes only).
******
Related Articles
FIM error "Cannot find an association based on the EntityID that was passed in" Number of Views Unauthorized change rule triggered although change request for add access has passed approval phase in RSA Identity Govern… Number of Views How does sdshell extract the uid from UNIX after logging on to UNIX and pass the information to ACE/Server? Number of Views Generic REST Collector does not replace Query Parameters passed as part of the POST Request Body in RSA Identity Governanc… Number of Views Verid - Improve accuracy of displayed pass/fail rate statistics per question type in Question Summary report Number of Views
Trending Articles
How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026)
