Check if a certificate installed on your server has been revoked

The DigiCert Certificate Utility® for Windows has a feature that lets you find out if an SSL Certificate installed on your Windows server has been revoked. You can also use this instruction to discover if the certificate has a matching private key.

DigiCert Utility: Check If an SSL Certificate Has Been Revoked

  1. On the Windows server where your SSL Certificate is located, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).

  3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the SSL Certificate that you want to check, and then click Test Key.

    DigiCert Utility Test Private Key

  4. In the Private Key Test window, you should see a green checkmark next to Revocation check for certificate chain was successful.

    This verifies that the certificate's serial number is not listed on a revocation list.

    Valid Private Key check successful

  5. Certificate Matching Private Key Note:

    In the Private Key Test window, you should see a green checkmark next to The private key was successfully tested.

    This verifies that the certificate has a matching and valid private key.

Troubleshooting

Check Connection

If you don't get the green checkmark, you can try connecting to the server with a browser to make sure that an SSL Connection is established correctly and that the certificate hasn't been revoked. See OCSP & CRL and Revoked SSL Certificates.

Reissue Certificate

If you run into any errors when making the connection, you probably need to reissue your certificate. See Reissuing a DigiCert® SSL Certificate.

Contact Us

If you continue to have any errors, please contact DigiCert Support.