I am not aware of a method for revoking a certificate once you have given a user an ID with that certificate on it.
If your goal is to deny access to someone who previously had access, there are two standard methods for doing this:
1) Add the names of the users to the Not Access Server field on the server document. A common method is to put a Terminations group in this field then add each name to that group.2) Use the Lockout ID feature in the Administration Process.
This was first published in May 2001