POST Certificates Revoke All
The POST /Certificates/RevokeAll method is used to revoke all the certificates in the specified query and/or collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). ID. The endpoint
An endpoint is a URL that enables the API to gain access to resources on a server. makes use of the Revoke All Enabled application setting (see Application Settings: Console Tab). If Revoke All Enabled is set to False, the endpoint will return an error indicating revoke all is not allowed and not complete the request. This method returns HTTP 200 OK on a success with a list of the successfully revoked certificate IDs on a success or a list of the failed certificate IDs if any revocations fail.
Permissions for certificates can be set at either the global or certificate collection level. See Certificate Collection Permissions for more information about global vs collection permissions. See also the CollectionId input parameter A parameter or argument is a value that is passed into a function in an application., below.




Table 310: POST Certificates Revoke All Input Parameters
Name | In | Description |
---|---|---|
Query | Body | Required*. A string containing a query to limit the certificates to revoke (e.g. field1 -eq value1 AND field2 -gt value2). Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns. For querying guidelines, refer to Certificate Search Page. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, certificates from both sources will be revoked. |
Reason | Body |
An integer containing the specific reason that the certificates are being revoked. The default is Unspecified. |
Comment | Body | Required. A string containing a freeform reason or comment indicating why the certificates are being revoked. |
EffectiveDate | Body | The date and time when the certificate will be revoked. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2023-11-19T16:23:01Z). The default is the current date and time. |
IncludeRevoked | Body | A Boolean that indicates whether revoked certificates should be included in the revocation (true) or not (false). The default is false. |
IncludeExpired | Body | A Boolean that indicates whether expired certificates should be included in the revocation (true) or not (false). The default is false. |
CollectionId | Query |
Required*. An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Collection Permissions for more information. This field can also be used to specify the certificate collection containing certificates that should be revoked. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, the provided query will be appended onto the collection's query, so a subset of the collections certificates will be selected for revocation, not all the certificates from both sources separately. For example: Copy
|
X-Revoke-Confirmation-Count | Header |
Required*. An integer indicating the number of certificates to revoke as a validation to prevent accidental revocation of large numbers of certificates. The count can be retrieved using the GET /Certificates endpoint (see GET Certificates). |

Was this page helpful? Provide Feedback