Certificates Revoke

The Revoke method will attempt to revoke a certificate stored in Keyfactor Command. The certificate to be revoked can be identified using the lookup request body parameter (see Table 668: Classic API Certificate Lookup Structure). In addition, the message may contain string parameters describing the revocation. Caution is advised when programmatically revoking certificates as the operation generally cannot be undone. The method returns a 200 OK response if successful or an appropriate HTTP code and error message if unsuccessful.

Table 691: POST /3/Revoke Request Body

| Parameter Name | Parameter Value |
|---|---|
| Lookup | Criteria to specify the certificate to be revoked. See Table 668: Classic API Certificate Lookup Structure. |
| Details | Details used to define the revocation operation. See Table 692: Certificate Revocation Details. |

Table 692: Certificate Revocation Details

| Parameter Name | Parameter Value |
|---|---|
| Reason | Integer code for certificate revocation reason, as per IETF RFC 5280 ReasonFlags. This field is optional and will default to "0" (zero - unspecified). Allowed values: 0 = Unspecified; 1 = Key Compromised; 2 = CA Compromised; 3 = Affiliation Changed; 4 = Superseded; 5 = Cessation of Operation; 6 = Certificate Hold. |
| Comment | Explanation of revocation reason. Optional and will default to the empty string "". |
| EffectiveDate | Date on which the revocation will take effect. Optional and will default to the current time if not specified. |
| noCRL | If provided and set to "true", Keyfactor Command will not attempt to have the CA publish a new CRL. Optional and treated as "false" by default. |

Example Request

POST http://<host>/CMSApi/Certificates/3/Revoke HTTP/1.1

{
	"Lookup": {"Type": "CMSID", "CMSID": 45},
	"Details": {"Reason":4, "EffectiveDate" : "2017-12-29", "Comment": "Reissued 12-27"}
}
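
Because a revocation generally cannot be undone, a script that calls this method should validate its inputs before anything is sent. The following is an added example, not Keyfactor code: it builds the request body shown above for a CMSID lookup and rejects reason codes outside Table 692. The function name, the confirm_id interlock and the positive-integer check on CMSID are assumptions made for illustration; sending the request and authentication are left out.

```python
import json
from datetime import date

# Reason codes accepted by the Revoke method, copied from Table 692.
REVOCATION_REASONS = {
    0: "Unspecified",
    1: "Key Compromised",
    2: "CA Compromised",
    3: "Affiliation Changed",
    4: "Superseded",
    5: "Cessation of Operation",
    6: "Certificate Hold",
}


def _is_int(value):
    # bool is a subclass of int in Python; True must not pass as ID or reason 1.
    return isinstance(value, int) and not isinstance(value, bool)


def build_revoke_body(cms_id, confirm_id, reason=0, comment="", effective_date=None):
    """Return the JSON body for POST /3/Revoke, or raise ValueError.

    confirm_id is a hypothetical client-side interlock, not an API field: the
    caller must state the certificate ID twice, so a stale loop variable or a
    default value cannot silently produce a revocation request.
    """
    # Assumption: CMSID values are positive integers, as in the page's example.
    if not _is_int(cms_id) or cms_id <= 0:
        raise ValueError("CMSID must be a positive integer")
    if confirm_id != cms_id:
        raise ValueError("confirm_id does not match CMSID; refusing to build request")
    if not _is_int(reason) or reason not in REVOCATION_REASONS:
        raise ValueError(f"Reason must be one of {sorted(REVOCATION_REASONS)}")

    details = {"Reason": reason, "Comment": str(comment)}
    if effective_date is not None:
        # Parse and re-emit the date in the YYYY-MM-DD form used in the example
        # request; date.fromisoformat raises ValueError on malformed input.
        details["EffectiveDate"] = date.fromisoformat(effective_date).isoformat()

    body = {"Lookup": {"Type": "CMSID", "CMSID": cms_id}, "Details": details}
    return json.dumps(body)


if __name__ == "__main__":
    print(build_revoke_body(45, 45, reason=4, comment="Reissued 12-27",
                            effective_date="2017-12-29"))
```

Omitted optional fields (EffectiveDate here) are left out of the body so the server applies the defaults listed in Table 692.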