Technical Tip: Unable to remove revoked certificate: delete button is greyed out

Description

This article describes the reason why revoked certificates cannot be removed from FortiAuthenticator.

Scope

FortiAuthenticator.

Solution

Explanation:

Sometimes, the delete button is greyed out even when the certificate has been revoked.
This behavior is intentional. A certificate can only be removed when the certificate is revoked and expired (for CRL and OCSP purposes).
The only way to remove the revoked certificates prior to expiry is to remove the corresponding issuing CA certificate.

Note: In some versions, for both Users and Local Services Certificates, it is necessary to select the (Filter) icon and choose the status (All) in order to see the Revoked certificates.