No credentialing program runs perfectly. Typos happen. Recipients ask for name corrections after a legal name change. Occasionally, a credential needs to be revoked entirely because a recipient violated program terms, a course was found to have issues, or an error in the original issuance means the record is inaccurate.
How you handle these situations is a test of your credential management infrastructure. A platform that makes revocation and updates easy protects both your organization and the integrity of your credential program. A platform that makes them hard, or impossible, leaves you with broken records you cannot fix.
The Difference Between Revoking and Updating
Revocation means the certificate is cancelled. The credential record still exists in the system, but the verification page shows that it has been revoked. Anyone who tries to verify the credential sees a clear status indicator that the certificate is no longer valid. This is appropriate when a credential should not have been issued, or when circumstances have changed such that the credential no longer reflects the recipient's standing.
Updating means correcting or changing the content of an existing credential without cancelling it. The most common update is a name correction. A recipient realizes their certificate shows a misspelling of their name and requests a fix. The credential should be corrected and re-delivered, but the underlying record, the completion date, course, and issuer, all remain the same.
These are two distinct actions with different implications, and a good certificate platform handles them separately.
When to Revoke a Certificate
Revocation is appropriate in specific situations:
The recipient did not actually meet the completion criteria and the certificate was issued in error
The recipient violated program terms after issuance, such as a professional conduct violation that voids the credential
The credential is fraudulently duplicated and the issuer is invalidating copies
A course has been found to contain significant errors that compromise the integrity of the credential
Revocation should not be used lightly. It has serious consequences for the recipient. Before revoking, have a clear policy in place that defines the circumstances under which a credential can be revoked, and communicate this to recipients at the time of issuance.
How Revocation Works in Practice
In Creadefy, revoking a certificate is done from the credential dashboard. Locate the credential by recipient name, email, or credential ID. Select the revoke action. The system marks the credential as revoked in the database, and the verification page updates immediately to reflect this status.
Importantly, revocation does not delete the record. It marks it. This matters for your own audit trail and for any recipient who may dispute the revocation. The record of what was issued, when, and to whom remains intact. Only the validity status changes.
The QR code on the original certificate still scans, but it now resolves to a page that clearly shows the credential has been revoked. Any employer or institution that scans it gets the accurate current status.
How to Update a Certificate
Updates are more common than revocations in most programs. Name corrections are the most frequent request. A recipient legally changes their name after marriage or transition, and the existing credential reflects their old name. The credential should be updated so it remains professionally accurate.
In Creadefy, updates are handled by editing the recipient record and regenerating the credential. The underlying credential ID stays the same. The verification URL stays the same. The content is updated and the new version replaces the old in the recipient's credential record and on the verification page.
After updating, re-deliver the credential to the recipient so they have access to the corrected version. If the recipient has already shared the credential on LinkedIn or a portfolio, remind them that the verification link they shared will now reflect the updated information, so they do not need to re-share it.
Building a Revocation and Update Policy
Every credentialing program should have a documented policy covering three things: under what circumstances a credential can be revoked, how recipients can request updates or corrections, and what the process is for appealing a revocation decision.
This policy does not need to be long. Even a short internal document that defines these three areas protects you when edge cases arise. Without it, you are making ad hoc decisions under pressure, which leads to inconsistent outcomes and potential disputes.
For programs that operate in regulated industries, such as healthcare training or financial compliance certification, this policy may also need to meet external standards. Consult with your compliance team to ensure your revocation process satisfies any applicable requirements.
Handling Bulk Revocations
Occasionally, an organization needs to revoke a large batch of credentials at once, for example if a course is found to have had a significant error or if a cohort's credentials were issued using incorrect data. In this case, manual credential-by-credential revocation is not practical.
Platforms that support API access allow bulk revocation via a programmatic request. You can pass a list of credential IDs to a revocation endpoint and have the entire batch updated in one action. If your platform does not support this and you face a bulk revocation scenario, contact the platform's support team to understand the fastest available path.
Communication After Revocation or Update
Do not silently revoke a credential without notifying the recipient. Even if the revocation is justified, the recipient deserves to know what happened and why. A clear, factual email explaining the revocation, the reason, and any appeal process available is both ethically appropriate and legally prudent.
For updates, notify the recipient that their credential has been corrected and re-delivered. Include the new verification link in the email so they have it readily available. This small step prevents the confusion that comes when a recipient tries to share a credential and finds the details have changed without their knowledge.
The Takeaway
The ability to revoke and update credentials is not an edge case feature. It is a core part of running a professional credentialing program. Choose a platform that makes both actions straightforward, keeps a clear audit trail, and reflects status changes immediately on the verification page. That capability is what separates a serious credential system from a certificate-generating tool.
When Revocation Is Necessary
Not every certificate issued should remain valid forever. There are situations where revoking a credential is the correct action: a recipient is found to have cheated, the issuance was made in error, the organization's relationship with the recipient has changed, or the credential has been misrepresented.
Revocation is not the same as deletion. A deleted credential simply disappears. A revoked credential's verification URL returns a clear invalid status, which is more useful for employers and auditors because it confirms the credential existed but is no longer valid.
When to Update vs When to Revoke
The choice between updating and revoking depends on whether the original issuance was valid.
- Update: the issuance was correct but contains a data error (misspelled name, wrong date, incorrect credential title). The recipient legitimately earned the credential.
- Revoke: the issuance should not have happened, or the credential is being withdrawn due to a policy violation, cheating, or misrepresentation.
Most certificate platforms handle these as separate operations. An update corrects data and reissues. A revocation invalidates the credential permanently.
What Happens to the Verification URL After Revocation
This is the most common question issuers ask. When you revoke a credential, the verification URL does not return a 404 error. It returns a page showing that the credential was revoked, including the original issuance information and a clear revoked status.
This is the correct behavior because an employer who saved the URL needs to know what the status of that credential is. An error page tells them nothing. A revoked status tells them exactly what they need to know.
How to Update a Certificate With an Error
Most certificate platforms support direct editing of credential data. You update the affected field (name, date, title), and the verification URL automatically reflects the corrected data. The recipient receives a notification with the updated certificate.
Some platforms issue a new credential with a new ID and automatically revoke the original. If this is the case, notify the recipient so they know to update any shared links.
Bulk Revocation for Program Changes
Occasionally a program is discontinued or credentials issued under it need to be withdrawn en masse. Bulk revocation lets you mark an entire cohort's credentials as revoked in one operation rather than revoking each one individually.
Document bulk revocation actions carefully. Keep a record of which credentials were revoked, when, and why. This becomes important if recipients dispute the revocation or if an audit requires documentation of your credential management practices.
Communicating Revocation to Recipients
Revoke a credential before you communicate it if possible. This prevents a brief window where the credential appears valid while you are still composing the notification. Send a clear, direct message explaining the reason for revocation and what recourse, if any, the recipient has.
Recipients who feel blindsided by revocation without explanation are more likely to dispute it publicly. A direct, factual notification reduces that risk.
The Open Badges specification documents how compliant platforms handle credential revocation and status updates in interoperable credential systems.
See how Creadefy handles credential revocation and updates in the platform.
Read about certificate fraud prevention and why revocation is a critical tool.
Manage your credentials with full revocation and update capabilities. See how Creadefy handles the full certificate lifecycle.
Frequently Asked Questions
What is the difference between revoking and deleting a digital certificate?
Deleting removes the credential entirely. The verification URL returns an error. Revoking marks the credential invalid while keeping the record. The verification URL returns a revoked status, which is more informative for employers and auditors who have previously seen the credential.
Can I update a certificate after it has been issued?
Yes. Most certificate platforms let you edit credential data directly. The verification URL updates to reflect the corrected data automatically. If the platform issues a new credential with a new ID, make sure the recipient knows to update any shared links.
What does the verification URL show after revocation?
A well-designed platform shows a revoked status page with the original credential information and a clear indication that the credential has been revoked. It should not return an error or show the credential as valid.
Can I revoke multiple certificates at once?
Most enterprise certificate platforms support bulk revocation. You typically upload a file with the credential IDs to be revoked or select a cohort within the platform dashboard. Keep a documented record of all bulk revocation actions.
Should I notify the recipient before or after revoking their certificate?
Revoke first, then notify. This eliminates a window where the credential appears valid while your notification is in progress. Send a clear, direct message explaining the reason for revocation and the recipient's available options.