The vSEC:CMS application will cache certificate revocation requests if the CA is unreachable and the card template is configured to revoke certificates at the CA. For example, in the revoke card template it is possible to enable caching of requests. On opening the vSEC:CMS console, the application will check if there is a CA configured and if there are any cached revocation requests it will automatically send them to the CA if it is reachable.
Cache CA Revocation Requests
In order to view cached revocation requests, browse to Options - Connections and in the Certificate Authorities section click the Number of pending records link.
When the CA becomes available, click the Revoke Now button to send the cached requests to the CA.
The CA for which the revocation request needs to be sent to can be seen from the Certificate authority drop-down list. If it is required to delete a cached request, select the request and click the Delete button. Click the Copy button to save the contents of the dialog to the system clipboard from where the information can be saved to a text file if required.
If a MS CA is used, any Operator who is attempting to revoke a managed user's credential that contains certificate(s) using the vSEC:CMS console will need to have Issue and Manage Certificates permission on the CA to perform this operation. That means the Windows account that the Operator logged on with will need to have these permissions enabled on the CA.
For example, if the Operator is using the Windows account Bob A. Smith then from the CA Security tab, i.e. the Microsoft Certificate Authority console, Bob A. Smith would need to be added and granted Allow permission on Issue and Manage Certificates. Otherwise the certificate revocation will be put in a queue on the vSEC:CMS and will only be revoked when an Operator who does have these permissions logs on and revokes the certificate(s).