If a device or key pair (encryption key) is lost or stolen, you must immediately disable login access for the device.

Have the external CA issue a CRL that includes revocation information for the particular client certificate and register this information into this service.

Refer to "Configuring External CAs" for more information on registering CRLs into the IIJ ID Service.