The POST /Certificates/RevokeAll method is used to revoke all the certificates in the specified query and/or collection
The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). ID. The endpoint An endpoint is a URL that enables the API to gain access to resources on a server. makes use of the Revoke All Enabled application setting (see Application Settings: Console Tab). If Revoke All Enabled is set to False, the endpoint will return an error indicating revoke all is not allowed and not complete the request. This method returns HTTP 200 OK on a success with a list of the successfully revoked certificate IDs on a success or a list of the failed certificate IDs if any revocations fail.
Permissions for certificates can be set at either the global or certificate collection level. See Certificate Collection Permissions for more information about global vs collection permissions. See also the CollectionId input parameter A parameter or argument is a value that is passed into a function in an application., below.
Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). (PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers., ODKG and CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA.), renewal, and revocation requests flow through Keyfactor Command workflow A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. (see Workflow Definitions).Table 312: POST Certificates Revoke All Input Parameters
| Name | In | Description |
|---|---|---|
| Query | Body | Required*. A string containing a query to limit the certificates to revoke (e.g. field1 -eq value1 AND field2 -gt value2). Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns. For querying guidelines, refer to Certificate Search Page. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, certificates from both sources will be revoked. |
| Reason | Body |
An integer containing the specific reason that the certificates are being revoked. The default is Unspecified. |
| Comment | Body | Required. A string containing a freeform reason or comment indicating why the certificates are being revoked. |
| EffectiveDate | Body | The date and time when the certificate will be revoked. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2023-11-19T16:23:01Z). The default is the current date and time. |
| IncludeRevoked | Body | A Boolean that indicates whether revoked certificates should be included in the revocation (true) or not (false). The default is false. |
| IncludeExpired | Body | A Boolean that indicates whether expired certificates should be included in the revocation (true) or not (false). The default is false. |
| CollectionId | Query |
Required*. An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Collection Permissions for more information. This field can also be used to specify the certificate collection containing certificates that should be revoked. A value for either Query or CollectionId is required. If both Query and CollectionId are specified, the provided query will be appended onto the collection's query, so a subset of the collections certificates will be selected for revocation, not all the certificates from both sources separately. For example: Copy
|
| X-Revoke-Confirmation-Count | Header |
Required*. An integer indicating the number of certificates to revoke as a validation to prevent accidental revocation of large numbers of certificates. The count can be retrieved using the GET /Certificates endpoint (see GET Certificates). |
An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. Reference and Utility to reduce accidental usage. You may still make use of it by calling it from your own tool.Was this page helpful? Provide Feedback