Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Certificate revoked

Author: Government Digital Service

Certificate revoked

What this means

A certificate revoked acts as a safeguard in the event that an SSL/TLS certificate is compromised.

An SSL certificate revoked means it has been cancelled by the issuing Certificate Authority (CA) before its expiration date, making it invalid and untrustworthy. 

This happens for security reasons like a compromised private key, a mis-issued certificate, or the website no longer existing. 

Why this is a problem

A revoked certificate can prevent a website from establishing a secure HTTPS connection, and visitors may see a security warning in their browser. This can lead to:

  • broken HTTPS – the secure, encrypted connection to the website is no longer active
  • browser warnings – visitors will see a security error in their browser, such as NET::ERR_CERT_REVOKED, and may be blocked from accessing the site
  • no trust – browsers will not trust the certificate, and any attempt to connect may fail

How to check if the problem is there

The most common ways of checking if a certificate is revoked is to:

  • use the Online Certificate Status Protocol (OCSP) – this allows for real-time certificate status checks on the revocation status of a certificate
  • use a browser tool such as Hardenize or DigiCert to check the certificate status

How to fix this

To resolve a certificate that is revoked, contact your certificate authority and request a new valid certificate and install it.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now