When a customer or Symantec revokes a Code Signing Digital ID for security reasons, the certificate is published on a publicly accessible Certificate Revocation List (CRL). Symantec may remove an expired Code Signing Certificate from a CRL in accordance with Symantec's Certificate Practices Statement (CPS) as described below.
For Certificates Revoked for Security Reasons
As of 2/11/04, only Code Signing certificates that are revoked for a Security Reason will be published to a CRL. Symantec has adopted this policy to ensure that only certificates revoked for security reasons (as opposed to standard certificate lifecycle reasons) are included in the CRL.
Symantec will never remove a certificate from a CRL if Symantec has reason to believe that it was revoked for reasons of a private key compromise or because the Certificate was issued in a manner not materially in accordance with the procedures required by the Symantec CPS (a "security reason").
For Certificates Revoked for Non-Security Reasons
If Symantec has a clear and unambiguous revocation reason on file, revoked certificates will be removed from the CRL after they have expired unless Symantec has reason to believe that they were revoked for a Security Reason. Examples of revocation reasons that Symantec does not believe constitute security reasons include "lost or forgotten password" and "replacement".
If Symantec does not have a clear and unambiguous revocation reason on file, a revoked certificate may be removed from the CRL only after the certificate has been revoked for more than 2 years and the notification procedures described below are followed.
Prior to removing any revoked certificate from the CRL, Symantec will notify the technical contacts listed in the revoked certificate request of the CRL procedure and the pending removal of the revoked certificate from the CRL.
If the technical contact objects to the pending removal of the revoked certificate from the CRL, the revoked certificate will not be removed from the CRL. Please click here if you should need to Manually Revoke Your Certificate