Documentation Suite v25.2.1

Submit Search

POST Monitoring Revocation

The POST /Monitoring/Revocation method is used to add a revocation monitoring location. This method returns HTTP 200 OK on a success with details of the location.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/monitoring/alerts/modify/

Table 531: POST Monitoring Revocation Input Parameters

Name In Description

Dashboard

Body

Required. An object indicating the configuration for display on the dashboard. Show dashboard details.

Value

Description

Show

Required. A Boolean indicating whether to show this revocation monitoring location on the Revocation Monitoring dashboard (true) or not (false). The default is false.

Warning Hours

Required in some cases.An integer indicating the number of hours prior to expiration when the location begins to appear in a warning state on the dashboard.

WarningHours is required if Show is set to true and EndpointType is CRL.

WarningHours is not supported for EndpointType OCSP.

If the Days or Weeks value is selected in the Management Portal, it will be converted to hours when stored in the database.

Body

Required in some cases.for CRL endpoints. An object indicating the email recipients and reminder schedule for reminder alerts. Show email reminder details.

Value	Description
Enable Reminder	A Boolean indicating whether to send email reminders for this location (true) or not (false). The default is false.
Warning Days	An integer indicating the number of days before expiration to send the warning email.
Recipients	An array of strings indicating the email addresses to which the email reminders should be sent.

Encode As Plus Signs Body A Boolean indicating whether plus signs (“+”) in the Location URL for CRL endpoints should be encoded as plus signs (%2B), as might typically be required for a delta CRL, or encoded as spaces (%20) (true/false). The default is true.

Endpoint Type Body Required. A string indicating the type of revocation monitoring endpoint: OCSP or CRL.

Id Path Required. An integer indicating the Keyfactor Command reference ID of the revocation monitoring location.

Location

Body

Required. A string indicating the location for the revocation monitoring endpoint.

For CRL endpoints, this can be either an HTTP location or an LDAP location. Be sure to monitor the CRL locations that are in use by applications in your environment—if you're monitoring LDAP locations but applications are using an HTTP location, you're not going to receive any warning if a CRL fails to publish to the HTTP location.

Important: Because a plus sign (“+”) in a URL can represent either a space or a plus, if your URL contains plus signs, you need to take special care and make sure that you select the correct value for the EncodeAsPlusSigns option.

For OCSP endpoints, this is the full URL to the OCSP responder servicing this certificate authority's CRL.

Name Body Required. A string indicating the name of the revocation monitoring location.

OCSP Parameters

Body

Required in some cases.for OCSP endpoints. For OCSP endpoints only, an object indicating the OCSP endpoint configuration. Show OCSP endpoint details.

Value	Description
Certificate Contents	A string containing the base-64 encoded contents of a certificate issued by the CA.
Certificate Authority Id	An integer indicating the Keyfactor Command reference ID of the CA in the database. Use the GET /CertificateAuthority method (see GET Certificate Authority) to retrieve a list of all the CAs to determine the ID.
Authority Name	A string indicating the distinguished name of the CA. For example: CN=CorpIssuingCA1, DC=keyexample, DC=com Use the POST /Monitoring/ResolveOCSP method (see POST Monitoring Resolve OSCP) with the CertificateAuthorityId or CertificateContents to resolve this value.
Authority Name Id	A string indicating the base 64 encoded SHA1 hash of the AuthorityName. Use the POST /Monitoring/ResolveOCSP method (see POST Monitoring Resolve OSCP) with the CertificateAuthorityId or CertificateContents to resolve this value.
Authority Key Id	A string indicating the base 64 encoded SHA1 hash of the CA certificate's public key. This value is found in the CA's certificate as the Subject Key Identifier (SKID). Use the POST /Monitoring/ResolveOCSP method (see POST Monitoring Resolve OSCP) with the CertificateAuthorityId or CertificateContents to resolve this value.
Sample Serial Number	A string indicating the serial number of the certificate used to identity the CA. Use the POST /Monitoring/ResolveOCSP method (see POST Monitoring Resolve OSCP) with the CertificateAuthorityId or CertificateContents to resolve this value.
File Name	A string indicating a file name for the certificate used to identify the CA for the OCSP endpoint if CertificateContents is used.

Schedule

Body

An object containing the inventory schedule set for the revocation monitoring location. Show schedule details.

Name

Description

Off Turn off a previously configured schedule.

Interval

A dictionary that indicates a job scheduled to run every x minutes with the specified parameter. Any interval that is selected in the UI will be converted to minutes when stored in the database.

Name	Description
Minutes	An integer indicating the number of minutes between each interval.

For example, every hour:

Copy

"Interval": {
   "Minutes": 60
}

Daily

A dictionary that indicates a job scheduled to run every day at the same time with the parameter:

Name	Description
Time	The date and time to next run the job. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2023-11-19T16:23:01Z).

For example, daily at 11:30 pm:

Copy

"Daily": {
   "Time": "2023-11-25T23:30:00Z"
}

Use Workflows Body A Boolean indicating whether the alert uses workflows to deliver the alerts (true) or the legacy alerting system (false). The default is true.

Table 532: POST Monitoring Revocation Response Data

Name Description

Dashboard

An object indicating the configuration for display on the dashboard. Show dashboard details.

Value

Description

Show

A Boolean indicating whether to show this revocation monitoring location on the Revocation Monitoring dashboard (true) or not (false).

Warning Hours

An integer indicating the number of hours prior to expiration when the location begins to appear in a warning state on the dashboard.

WarningHours is required if Show is set to true and EndpointType is CRL.

WarningHours is not supported for EndpointType OCSP.

If the Days or Weeks value is selected in the Management Portal, it will be converted to hours when stored in the database.

An object indicating the email recipients and reminder schedule for reminder alerts. Show email reminder details.

Value	Description
Enable Reminder	A Boolean indicating whether to send email reminders for this location (true) or not (false).
Warning Days	An integer indicating the number of days before expiration to send the warning email.
Recipients	An array of strings indicating the email addresses to which the email reminders should be sent.

Encode As Plus Signs A Boolean indicating whether plus signs (“+”) in the Location URL for CRL endpoints should be encoded as plus signs (%2B), as might typically be required for a delta CRL, or encoded as spaces (%20) (true/false).

Endpoint Type A string indicating the type of revocation monitoring endpoint: OCSP or CRL.

Location

A string indicating the location for the revocation monitoring endpoint.

For OCSP endpoints, this is the full URL to the OCSP responder servicing this certificate authority's CRL.

Name A string indicating the name of the revocation monitoring location.

OCSP Parameters

For OCSP endpoints only, an object indicating the OCSP endpoint configuration. Show OCSP endpoint details.

Value	Description
Certificate Authority Id	An integer indicating the Keyfactor Command reference ID of the CA in the database. This value will be null on a response if the endpoint was configured using the FileName option.
Authority Name	A string indicating the distinguished name of the CA. For example: CN=CorpIssuingCA1, DC=keyexample, DC=com
Authority Name Id	A string indicating the base 64 encoded SHA1 hash of the AuthorityName.
Authority Key Id	A string indicating the base 64 encoded SHA1 hash of the CA certificate's public key. This value is found in the CA's certificate as the Subject Key Identifier (SKID).
Sample Serial Number	A string indicating the serial number of the certificate used to identity the CA.
File Name	A string indicating a file name for the certificate used to identify the CA for the OCSP endpoint if CertificateContents is used. This value will be null on a response if the endpoint was configured using the CertificateAuthorityId option.

Schedule

An object containing the inventory schedule set for the revocation monitoring location. Show schedule details.

Name

Description

Off Turn off a previously configured schedule.

Interval

A dictionary that indicates a job scheduled to run every x minutes with the specified parameter. Any interval that is selected in the UI will be converted to minutes when stored in the database.

Name	Description
Minutes	An integer indicating the number of minutes between each interval.

For example, every hour:

Copy

"Interval": {
   "Minutes": 60
}

Daily

A dictionary that indicates a job scheduled to run every day at the same time with the parameter:

Name	Description
Time	The date and time to next run the job. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2023-11-19T16:23:01Z).

For example, daily at 11:30 pm:

Copy

"Daily": {
   "Time": "2023-11-25T23:30:00Z"
}

Use Workflows A Boolean indicating whether the alert uses workflows to deliver the alerts (true) or the legacy alerting system (false).

Workflow Enabled A Boolean indicating whether the workflow used to deliver alerts for this revocation monitoring location is enabled (true) or not (false).

Workflow Id A string indicating the Keyfactor Command reference GUID of the workflow used to deliver alerts for this revocation monitoring location.

Workflow Name A string indicating the name of the workflow used to deliver alerts for this revocation monitoring location.

Workflow Published Version An integer indicating the published version of the workflow used to deliver alerts for this revocation monitoring location.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.2.1

On this page: