Revoke a client certificate - AWS IoT Core

Revoke a client certificate

If you detect suspicious activity on a registered client certificate, you can revoke it so that it can't be used again.

Note

Once a certificate is revoked, its status can't be changed. That is, the certificate status can't be changed to Active or any other status.

Revoke a client certificate (console)

To revoke a client certificate using the AWS IoT console
  1. Sign in to the AWS Management Console and open the AWS IoT console.

  2. In the left navigation pane, choose Secure, and then choose Certificates.

  3. In the list of certificates, locate the certificate that you want to revoke, and open the option menu by using the ellipsis icon.

  4. In the option menu, choose Revoke.

If the certificate was successfully revoked, it will show as Revoked in the list of certificates.

Revoke a client certificate (CLI)

The AWS CLI provides the update-certificate command to revoke a certificate.

aws iot update-certificate \
    --certificate-id certificateId \
    --new-status REVOKED

If the command was successful, the certificate's status will be REVOKED. Run describe-certificate to see the certificate's status.

aws iot describe-certificate \
    --certificate-id certificateId
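The two commands above can be combined into one revoke-and-verify step. This is an added example, not part of the original AWS page; the function names `cert_status` and `revoke_cert` are hypothetical, and it assumes the AWS CLI is configured with permission to call both commands.

```shell
#!/bin/sh
# Added example: revoke an AWS IoT client certificate and confirm the result.
# cert_status and revoke_cert are hypothetical helper names, not AWS tooling.

# Print only the status field from describe-certificate.
cert_status() {
  aws iot describe-certificate \
    --certificate-id "$1" \
    --query 'certificateDescription.status' \
    --output text
}

# Revoke the certificate, then read the status back to confirm it.
revoke_cert() {
  rc_id="$1"
  if [ -z "$rc_id" ]; then
    echo "usage: revoke_cert <certificateId>" >&2
    return 2
  fi

  # Record the status before the change; revocation cannot be undone.
  rc_before="$(cert_status "$rc_id")" || {
    echo "cannot describe certificate $rc_id" >&2
    return 1
  }
  if [ "$rc_before" = "REVOKED" ]; then
    echo "$rc_id is already REVOKED"
    return 0
  fi

  aws iot update-certificate \
    --certificate-id "$rc_id" \
    --new-status REVOKED || return 1

  # Do not trust the exit code alone: verify the stored status.
  rc_after="$(cert_status "$rc_id")" || return 1
  if [ "$rc_after" != "REVOKED" ]; then
    echo "$rc_id is $rc_after, expected REVOKED" >&2
    return 1
  fi
  echo "$rc_id: $rc_before -> REVOKED"
}

# Run directly with a certificate ID as the first argument.
if [ "$#" -gt 0 ]; then
  revoke_cert "$1"
fi
```

The recorded before and after statuses give an incident log a clear line showing when the certificate stopped being usable.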