Temporarily Disable a Certificate
Hello. Suppose we have a user that will not be in the company for a couple of months. During this time we want to temporarily revoke his/her certificate in a way that it will not be usable (somehow disable it) by this or any other user. Is it possible to do so (disable a certificate and enable it after the return of the user)? We also do not want to permanently revoke the certificate or disable the user account. Thanks a lot.
September 26th, 2009 2:52pm

Revoke the certificate with the Certificate Hold reason; then you can always unrevoke the certificate from the Revoked Certificates node in the CA.
September 26th, 2009 3:27pm

Although Certificate Hold exists, it is not recommended, especially for your scenario.

The catch is that CRLs are not synced to time services. Once the certificate is "unrevoked", i.e. removed from the CRL, there is no way to determine if it was previously revoked. This means that if the holder of the certificate's private key were to use the key pair during the time the certificate was revoked (with CRL checking turned off), the signature would be considered valid when viewed after the certificate was unrevoked.

The only way to prevent this is to issue new certificates after the person returns to duty, leaving the previous certificates as revoked.

Just something to ponder.

Brian
September 27th, 2009 6:30pm
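
The gap described in the reply above, as an added illustration that is not part of the original thread: a simplified model (no real X.509 or CRL parsing) in which each CRL is a publication time plus a set of revoked serial numbers. The serial number, the dates, and the idea that a verifier has archived older CRLs and knows the signing time from a trusted source are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Crl:
    this_update: datetime   # when the CA published this CRL
    revoked: frozenset      # serial numbers listed in it


def crl_in_effect(crls, at):
    """Most recent CRL published on or before `at`, or None."""
    published = [c for c in crls if c.this_update <= at]
    return max(published, key=lambda c: c.this_update) if published else None


def accepted(serial, crls, reference_time):
    """True if the CRL in effect at `reference_time` does not list `serial`."""
    crl = crl_in_effect(crls, reference_time)
    return crl is not None and serial not in crl.revoked


# Constructed sample data: one certificate put on hold, then unrevoked.
SERIAL = "61a2b3c4"  # constructed serial number
CRLS = [
    Crl(datetime(2009, 9, 1), frozenset()),           # before the leave
    Crl(datetime(2009, 10, 1), frozenset({SERIAL})),  # Certificate Hold
    Crl(datetime(2009, 12, 1), frozenset()),          # hold removed
]
SIGNED_AT = datetime(2009, 11, 1)    # key used while on hold (assumed known)
CHECKED_AT = datetime(2009, 12, 15)  # signature examined after unrevocation


def demo():
    return {
        # Ordinary verification: only the CRL current at check time is seen,
        # and it carries no trace of the earlier hold.
        "current_crl_accepts": accepted(SERIAL, CRLS, CHECKED_AT),
        # Only possible if old CRLs were archived and the signing time is
        # trustworthy: the CRL in effect when the signature was made.
        "crl_at_signing_accepts": accepted(SERIAL, CRLS, SIGNED_AT),
    }


if __name__ == "__main__":
    print(demo())
```
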

This topic is archived. No further replies will be accepted.
