Knowledge Base

Check if a certificate installed on your server has been revoked

The DigiCert Certificate Utility® for Windows has a feature that lets you find out if an SSL Certificate installed on your Windows server has been revoked. You can also use this instruction to discover if the certificate has a matching private key.

DigiCert Utility | Check If an SSL Certificate Has Been Revoked

1. On the Windows server where your SSL Certificate is located, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

2. Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).

3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the SSL Certificate that you want to check, and then click Test Key.

   

4. In the Private Key Test window, you should see a green checkmark next to the Revocation check for certificate chain was successful.

   This verifies that the certificate's serial number is not listed on a revocation list.

   

5. Certificate Matching Private Key Note:

   In the Private Key Test window, you should see a green checkmark next to The private key was successfully tested.

   This verifies that the certificate has a matching and valid private key.

Troubleshooting

Check Connection

If you don't get the green checkmark, you can try connecting to the server with a browser to make sure that an SSL Connection is established correctly and that the certificate hasn't been revoked.
See: OCSP & CRL and Revoked SSL Certificates.

Reissue Certificate

If you run into any errors when making the connection, you probably need to reissue your certificate. See Reissuing a DigiCert® SSL Certificate.

Contact Us

If you continue to have any errors, please contact DigiCert Support.