POST Certificates Revoke All

The POST /Certificates/RevokeAll method is used to revoke all the certificates in the specified query or collectionClosed The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). ID. This endpointClosed An endpoint is a URL that enables the API to gain access to resources on a server. returns 204 with no content upon success.

Tip:  The following permissions (see Security Overview) are required to use this feature:

Certificates: Revoke

Certificate permission can be granted at either the global or collection level. See note under CollectionId, below.

Table 217: POST Certificates Revoke All Input Parameters

Name In Description
Query Body Required*. A string containing a query to limit the certificates to revoke (e.g. field1 -eq value1 AND field2 -gt value2). Fields available for querying through the APIClosed A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns. For querying guidelines, refer to the Keyfactor Command Reference Guide Certificate Search Page section. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, certificates from both sources will be revoked.
Reason Body

An integer containing the specific reason that the certificates are being revoked. ClosedShow revocation reasons.

The default is Unspecified.

Comment Body Required. A string containing a freeform reason or comment on why the certificates are being revoked.
EffectiveDate Body The date and time when the certificate will be revoked. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2021-05-19T16:23:01Z). The default is the current date and time.
IncludeRevoked Body A Boolean that indicates whether revoked certificates should be included in the revocation (true) or not (false). The default is false.
IncludeExpired Body A Boolean that indicates whether expired certificates should be included in the revocation (true) or not (false). The default is false.
CollectionId Query Required*. An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Permissions in the Keyfactor Command Reference Guide for more information. This field can also be used to specify the certificate collection containing certificates that should be revoked. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, certificates from both sources will be revoked.