Cause
The Console event logs show a Revoke error. What could be the reasons for this?
Resolution
A certificate can be revoked in the following four ways:
- Sample based
- Manual revocation
- Profile removal
- Enterprise/Device wipe
More often than not, the "Revoke Error" seen is due to the confirmation not being received for the cert revocation. The process flow is as follows:
1. Device sends sample with list of installed certificates to AirWatch.
2. AirWatch checks if the certificate is near expiration.
3. If no, it does nothing. If yes, AirWatch will load the profile for certificate renewal.
4. AirWatch will request CA for certificate. CA will issue the new certificate. AirWatch will add the new certificate to the profile. AirWatch will send the completed profile back to the device.
If the request is successful:
- The profile with the new certificate is installed and the old certificate is revoked on the device.
- Device will again send the sample with the list of installed certificates to AirWatch.
If the request failed (profile install failed error):
- If revocation is enabled, AirWatch will request the CA to revoke the certificate, as it is near expiry. The CA confirms the certificate revocation.
- If the CA did not send a confirmation, or if AirWatch did not receive the confirmation from the CA for the successful revocation, a "Revoke cert" error is shown in the AirWatch console.
Once AirWatch receives the confirmation from the CA for certificate revocation, the certificate is installed on the device with the profile.
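
The two causes named above (the CA never confirmed, or AirWatch never received the confirmation) can be told apart by comparing the affected certificate serials against the CA's published CRL. The following is an added example, not AirWatch or CA vendor code. It assumes you have the serial numbers of the certificates showing the revoke error and the CRL rendered as text with `openssl crl -noout -text`; all sample data and function names are constructed for illustration.

```python
import re

# Constructed sample: text as printed by `openssl crl -in ca.crl -noout -text`
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Example Issuing CA
        Last Update: Mar  1 00:00:00 2024 GMT
        Next Update: Mar  8 00:00:00 2024 GMT
Revoked Certificates:
    Serial Number: 1A2B3C
        Revocation Date: Feb 27 10:15:00 2024 GMT
    Serial Number: 00FF10
        Revocation Date: Feb 28 08:00:00 2024 GMT
"""

# Constructed sample: serials of certificates that show a revoke error in the console
SAMPLE_REVOKE_ERRORS = ["1a:2b:3c", "ff10", "4D5E6F"]


def normalize_serial(serial):
    """Canonical form: uppercase hex, no separators, no leading zeros."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", serial).upper().lstrip("0")
    return digits or "0"


def revoked_serials(crl_text):
    """Collect every revoked serial listed in the openssl CRL text dump."""
    found = re.findall(r"Serial Number:\s*([0-9A-Fa-f:]+)", crl_text)
    return {normalize_serial(s) for s in found}


def classify(error_serials, crl_text):
    """Split revoke-error serials by whether the CA's CRL already lists them.

    confirmation_lost: the CA revoked the certificate, the confirmation did not arrive.
    not_on_crl: the CA has not published a revocation for this serial.
    """
    revoked = revoked_serials(crl_text)
    result = {"confirmation_lost": [], "not_on_crl": []}
    for serial in error_serials:
        canonical = normalize_serial(serial)
        key = "confirmation_lost" if canonical in revoked else "not_on_crl"
        result[key].append(canonical)
    return result


if __name__ == "__main__":
    print(classify(SAMPLE_REVOKE_ERRORS, SAMPLE_CRL_TEXT))
```

A serial under `not_on_crl` may also mean the CA has revoked it but has not yet republished the CRL, so check the "Last Update" time before concluding that the revocation never happened.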