Secardeo certRevoke is a Windows service that integrates with Active Directory to automatically revoke X.509 certificates associated with deleted or modified user and computer accounts, ensuring PKI consistency and minimizing security risks from orphaned certificates.

Key Features

Active Directory Integration Monitors changes in AD user and computer accounts.

• Detects deletions and attribute changes in specified AD sub-trees or groups.
• Configurable monitoring of object attributes and organizational units.

Automated Certificate Revocation Sends revocation requests for affected certificates.

• Supports Microsoft CAs (ADCS) and public/private CAs via certEP.
• Handles multiple CAs in parallel.

PKI Inventory Management Keeps certificate inventory current and secure.

• Automatically devalues orphaned certificates.
• Triggers certificate re-enrollment on relevant AD changes.

Cost Reduction Reduces operational costs associated with unused certificates.

• Lowers CA fees and IT service costs.
• Minimizes manual intervention for certificate management.

Benefits

Enhanced Security Prevents unauthorized use of orphaned certificates.

• Ensures only valid certificates for existing AD objects remain active.
• Eliminates threats from credentials tied to non-existent accounts.

Operational Efficiency Automates routine PKI maintenance tasks.

• Reduces manual certificate management workload.
• Supports scalability for organizations with high employee or equipment turnover.