Check if a certificate installed on your server has been revoked
The DigiCert Certificate Utility® for Windows has a feature that lets you find out if an SSL Certificate installed on your Windows server has been revoked. You can also use this instruction to discover if the certificate has a matching private key.
DigiCert Utility: Check If an SSL Certificate Has Been Revoked
-
On the Windows server where your SSL Certificate is located, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).
-
Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).
-
In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the SSL Certificate that you want to check, and then click Test Key.
-
In the Private Key Test window, you should see a green checkmark next to Revocation check for certificate chain was successful.
This verifies that the certificate's serial number is not listed on a revocation list.
-
Certificate Matching Private Key Note:
In the Private Key Test window, you should see a green checkmark next to The private key was successfully tested.
This verifies that the certificate has a matching and valid private key.
Troubleshooting
Check Connection
If you don't get the green checkmark, you can try connecting to the server with a browser to make sure that an SSL Connection is established correctly and that the certificate hasn't been revoked. See OCSP & CRL and Revoked SSL Certificates.
Reissue Certificate
If you run into any errors when making the connection, you probably need to reissue your certificate. See Reissuing a DigiCert® SSL Certificate.
Contact Us
If you continue to have any errors, please contact support (support@digicert.com) using the contact details from within the DigiCert Certificate Utility.
