Certificate Revocation

Certificate revocation is the process of marking a certificate as no longer trustworthy before its normal expiration date.

In plain language, it is how a PKI system says, “this certificate should not be accepted anymore, even though the date on it has not run out yet.”

Why It Matters

Certificate revocation matters because keys and certificates can become unsafe before they naturally expire. A private key may be exposed, a device may be decommissioned, or an issuing mistake may need to be corrected quickly.

Without revocation, systems may continue trusting credentials that should have been removed from service.

Where It Appears in Real Systems or Security Workflow

Certificate revocation appears in TLS, internal PKI programs, smart-card deployments, device identity systems, and certificate-based authentication. Related terms are Digital Certificate, Certificate Authority, Public Key Infrastructure, and Online Certificate Status Protocol.

It is one of the main ways trust can be withdrawn after issuance.

Practical Example

An employee laptop that used a certificate for network authentication is reported stolen. The security team revokes the device certificate so network systems stop treating that certificate as valid.

Common Misunderstandings and Close Contrasts

Certificate revocation is not the same as certificate expiration. Expiration is expected and date-based, while revocation is an early removal of trust because something changed.

It is also different from deleting a certificate file locally. Revocation is about changing trust status across the broader system.
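The stolen-laptop scenario and the expiration-versus-revocation contrast above, as an added Go example that is not part of the original page: it uses only Go's standard crypto/x509 package to build a constructed lab CA, two device certificates and a CA-signed CRL, then shows how a relying party's decision differs for a revoked, a still-trusted, an expired certificate, and for missing or untrustworthy revocation data. The names, serials, lifetimes and the helper names (must, NewLab, Status) are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"slices"
	"time"
)

func must[T any](v T, err error) T { // lab setup only: a failure while building the sample PKI is fatal
	if err != nil {
		panic(err)
	}
	return v
}

// NewLab is a constructed sample PKI (made-up names and serials): a CA, two one-year device certificates, and a CA-signed CRL, fresh for 24h, that revokes only laptop-0017, the stolen device.
func NewLab() (ca, stolen, other *x509.Certificate, crl *x509.RevocationList) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Lab CA"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now(), NotAfter: time.Now().Add(5 * 8760 * time.Hour), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	issue := func(serial int64, cn string) *x509.Certificate { // each device gets its own key pair, signed by the CA
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(8760 * time.Hour)}
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))))
	}
	stolen, other = issue(4242, "laptop-0017"), issue(4243, "laptop-0018")
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: stolen.SerialNumber, RevocationTime: time.Now()}}}
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return
}

// Status is the relying party's decision at time now: expiration is purely date-based, revocation is read only from a fresh CRL signed by the issuing CA, and missing, forged or stale revocation data is "unknown", never "trusted".
func Status(cert, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) string {
	switch {
	case now.Before(cert.NotBefore) || now.After(cert.NotAfter):
		return "expired"
	case crl == nil || crl.CheckSignatureFrom(ca) != nil || now.After(crl.NextUpdate):
		return "unknown" // fail closed: no trustworthy revocation data for this issuer
	case slices.ContainsFunc(crl.RevokedCertificateEntries, func(e x509.RevocationListEntry) bool { return e.SerialNumber.Cmp(cert.SerialNumber) == 0 }):
		return "revoked"
	}
	return "trusted"
}
```

The stolen device's certificate still has a year left on its NotAfter date, yet Status reports "revoked" as soon as the CA publishes the CRL, while its sibling stays "trusted"; a CRL signed by some other CA, or one past its NextUpdate, is rejected rather than silently treated as "nothing revoked".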