Revoke a client certificate - Amazon IoT Core

Revoke a client certificate

If you detect suspicious activity on a registered client certificate, you can revoke it so that it can't be used again.


Once a certificate is revoked, its status can't be changed. That is, the certificate status can't be changed to Active or any other status.

Revoke a client certificate (console)

To revoke a client certificate using the Amazon IoT console
  1. Sign in to the Amazon Management Console and open the Amazon IoT console.

  2. In the left navigation pane, choose Secure, and then choose Certificates.

  3. In the list of certificates, locate the certificate that you want to revoke, and open the option menu by using the ellipsis icon.

  4. In the option menu, choose Revoke.

If the certificate was successfully revoked, it will show as Revoked in the list of certificates.

Revoke a client certificate (CLI)

The Amazon CLI provides the update-certificate command to revoke a certificate.

aws iot update-certificate \
    --certificate-id certificateId \
    --new-status REVOKED

If the command was successful, the certificate's status will be REVOKED. Run describe-certificate to see the certificate's status.

aws iot describe-certificate \
    --certificate-id certificateId
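The two CLI steps above can be combined into one check-revoke-verify routine. The following is an added example, not code from the AWS documentation; the function names cert_status and revoke_and_verify are hypothetical, and it assumes a configured AWS CLI and that certificate IDs are 64 hexadecimal characters.

```shell
# Added example: revoke an AWS IoT client certificate and confirm the result.
# Assumption: certificate IDs are 64 hexadecimal characters.

# Print the certificate's current status (for example ACTIVE or REVOKED).
cert_status() {
    aws iot describe-certificate \
        --certificate-id "$1" \
        --query 'certificateDescription.status' \
        --output text
}

# Revoke certificate $1 and verify the new status.
# Returns 0 when the certificate ends up REVOKED, 2 on a malformed ID,
# 1 when a CLI call fails or the status is not REVOKED afterwards.
revoke_and_verify() {
    cert_id=$1

    # Reject malformed IDs before calling the API.
    if [ "${#cert_id}" -ne 64 ] ||
       ! printf '%s' "$cert_id" | grep -Eq '^[0-9a-fA-F]+$'; then
        echo "invalid certificate id" >&2
        return 2
    fi

    before=$(cert_status "$cert_id") || return 1
    if [ "$before" = "REVOKED" ]; then
        echo "already REVOKED: $cert_id"
        return 0
    fi

    # Revocation is permanent, so log the prior status for the audit trail.
    echo "revoking $cert_id (was $before)"
    aws iot update-certificate \
        --certificate-id "$cert_id" \
        --new-status REVOKED || return 1

    after=$(cert_status "$cert_id") || return 1
    if [ "$after" != "REVOKED" ]; then
        echo "status is $after, expected REVOKED" >&2
        return 1
    fi
    echo "confirmed REVOKED: $cert_id"
}

# Run only when a certificate ID is passed on the command line.
if [ "$#" -gt 0 ]; then
    revoke_and_verify "$1"
fi
```
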