Signing Identities Revocation

Catalyst Blockchain Manager is aware at all times of which certificates have been created and which of them were added to the CRLs, therefore once an identity is revoked it can no longer be used and by trying to authenticate using a revoked identity will result in an authentication error.

In a nutshell, the only action we perform with a revoked identity is to delete it from the system.

How to Revoke Signing Identities?

Navigate to CAs on the Left panel of your dashboard, scroll down to the identity that is going to be revoked and select Revoke and confirm Revoke Identity.

List of certificates
Figure 1. List of certificates

Every instance of the certificate is removed from the other participant’s side and added to the issuer’s MSP, and the same goes for every certificate using this identity. This can be checked at the CRL tab immediately after being revoked.

Notice that the MSP will display an error message given that the CRL has been updated locally and it wont match with the network.

Navigate to Your MSP on the Left panel of your dashboard and click on the alert icon to sync the CRL.

Revoke Singing Identities - MSP
Figure 2. Revoke Singing Identities - MSP

This must also take place in every channel this entity is part of, starting by the System Chanel as this is where the network configurations are stored.

Navigate to your system Channel on the Left panel of your dashboard, select your Orderer, navigate to System Channel and click on Sync for Local MSP

Update MSP system channel
Figure 3. Update MSP system channel

Then repeat the same for every Application Channel.

Navigate to the Application channel n the Left panel of your dashboard, under Organizations execute Sync Channel MSP to Local MSP.

Update MSP application channel
Figure 4. Update MSP application channel