Identifying and removing malicious insiders from a network is a topic of active research. Vehicular ad hoc networks (VANETs) may suffer from insider attacks; that is, an attacker may use authorized vehicles to attack other vehicles. Specifically, attackers may use their vehicles to broadcast specially formed packets that will trigger warnings in target vehicles. This malicious behavior could have a significant detrimental effect on cooperative safety applications (SAs), one of the driving forces behind VANET deployment. We propose modifications to the intersection collision warning (ICW) SA that enable a certificate authority (CA) to be offline and yet to decide to revoke a vehicle's certificates using retransmitted information that cannot repudiated. Our approach differs from previous proposals in that it is SA specific, and it is resilient to Sybil attacks. We simulate and measure the resources an attacker requires to attack a vehicle using the ICW SA without our modifications and demonstrate that our additions reduce the false positive rate arising from errors in estimated vehicle dynamics.