Hi,
Did you find a solution to this? I have exactly the same concern, ACS does not seem to check if a certificate is revoked, so revoking a certificate has no effect!! Seems pretty poor to me.
From what I see, the only way is to delete that particular user ID, at least until the cert is out of date. Or, there is an option to binary compare the cert in ACS, but no real help on how to use this.
-phil