Status Submitted
Categories Atlas
Created by Guest
Created on Dec 4, 2020

Ability to invalidate or revoke an X.509 certificate that has not expired.

Currently, X.509 certificates can be issued for authentication and authorization. However, it is not possible to invalidate an already issued certificate. In a situation where the certificate would be compromised, it is therefore not possible to invalidate it and re-issue a new one. The only way is to delete the user associated with the certificate and create a new user account (New CN).
  • Guest
    Jun 14, 2023
    Hi Salman, Sorry, I hadn't seen your question. We have opened a ticket regarding this issue already. See https://support.mongodb.com/case/01056829 In fact, an example scenario. An X system's IT team creates and manages X.509 certificates for application authentication. Security Team issues root certificates and intermediate certificates. In the situation that the Security team detects that a certificate is compromised, this team could decide to revoke the intermediate certificate to avoid any data leakage. This team does not have access to the MongoDB Atlas portal because they do not manage the databases. As a result of this action, it is expected that all X.509 certificates issued under this authority chain will be unable to connect to MongoDB clusters.
  • Guest
    Jul 14, 2022
    We would also like to have this feature so we can clean up older certificates. I'm surprised this isn't already a feature.
  • Guest
    Jul 13, 2022
    There is a scenario where we have multiple certificates attached to the same User and want to do some cleanup.
  • Guest
    Dec 7, 2020
    Hi Geoffrey, Thank you for sharing the suggestion. Could you share here or in an email (product.security@mongodb.com) the scenario under which deleting a user is not feasible when a certificate is compromised? Salman