---
id: revocation
title: Revocation (Cabut Sertifikat)
description: Revocation invalidates a certificate before its expiration date. This is critical if a Private Key is compromised.
---

# Revocation (Cabut Sertifikat)

Revocation invalidates a certificate before its expiration date. This is critical if a Private Key is compromised.

## When to Revoke?
- **Key Compromise**: You suspect someone stole your Private Key.
- **Service Change**: The domain name effectively no longer belongs to the service.
- **Mistake**: The certificate was issued with incorrect details.

## How to Remove / Revoke

If a certificate is compromised or no longer needed, you can remove it from the system.

1.  Go to the **Certificates** list.
2.  Identify the certificate to remove.
3.  Click the **Trash Icon** (Delete) on the right side of the row.
4.  **Confirm**: Type `DELETE` in the confirmation modal to permanently remove the certificate and its private key from TrustLab.

![Delete Certificate Action](/images/guide/certificates_list_view_1767869137654.png)

## CRL (Certificate Revocation List)
Once revoked, the certificate serial number is added to the TrustLab CRL. All clients checking the CRL will immediately reject the certificate.