MSP Admin Rotation
When a MSP admin needs to be replaced, a new identity (that contains a new private key) has to be enrolled. However, in order to confirm the update, the old key (which is currently necessary until the transaction takes effect) has to be used for authentication reasons.
How to Revoke Signing Identities
First, a new identity has to be created.
Then the new identity just created must be used.
Navigate to Your MSP on the left panel of your dashboard and click on Edit on your MSP
Once in the Edit MSP menu, scroll down to Admin Identity Certificates and add the identity just created. check the box with the option to use this admin identity by default.
From this moment on, both Identities are being used as admin identities as shown under the Admin certificates sections on your MSP.
The previous (old) identity can be thrown away using the newly created one as a single Admin identity.
Now we must revoke the previous one.
Navigate to CAs on the left panel, pick the Identity that is going to be revoked and execute the Revoke action for the old identity.