POST Certificates Revoke All

The POST /Certificates/RevokeAll method is used to revoke all the certificates in the specified query or collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). ID. This endpoint An endpoint is a URL that enables the API to gain access to resources on a server. returns 204 with no content upon success.

Table 217: POST Certificates Revoke All Input Parameters

Name	In	Description
Query	Body	Required*. A string containing a query to limit the certificates to revoke (e.g. field1 -eq value1 AND field2 -gt value2). Fields available for querying through the API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns. For querying guidelines, refer to the Keyfactor Command Reference Guide Certificate Search Page section. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, certificates from both sources will be revoked.
Reason	Body	An integer containing the specific reason that the certificates are being revoked. Show revocation reasons. Value Description -1 Remove from Hold 0 Unspecified 1 Key Compromised 2 CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. Compromised 3 Affiliation Changed 4 Superseded 5 Cessation of Operation 6 Certificate Hold 7 Remove from CRL A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. 999 Unknown The default is Unspecified.
Comment	Body	Required. A string containing a freeform reason or comment on why the certificates are being revoked.
EffectiveDate	Body	The date and time when the certificate will be revoked. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2021-05-19T16:23:01Z). The default is the current date and time.
IncludeRevoked	Body	A Boolean that indicates whether revoked certificates should be included in the revocation (true) or not (false). The default is false.
IncludeExpired	Body	A Boolean that indicates whether expired certificates should be included in the revocation (true) or not (false). The default is false.
CollectionId	Query	Required*. An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Permissions in the Keyfactor Command Reference Guide for more information. This field can also be used to specify the certificate collection containing certificates that should be revoked. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, certificates from both sources will be revoked.