Skip to main content

Revoke certificates

You can revoke certificates using one of the following methods:

  • Revoke in inventory

    • Web console: Revoke a certificate from the Inventory > Certificates page.

    • REST API endpoint: Revoke one or more certificates using the revoke endpoint.

  • Seat record deletion: Revoke the associated certificate automatically by deleting its corresponding seat record.

Let op

The web console and REST API endpoint support revoking one certificate at a time. To revoke multiple certificates using API, you must use a custom script that calls the endpoint separately for each certificate's serial number. Alternatively, you can revoke certificates in bulk by deleting multiple seat records simultaneously.

Before you begin

  • Ensure that DigiCert​​®​​ Trust Lifecycle Manager has access to the issuing CA.

  • Trust Lifecycle Manager automatically has access to issuing CAs in DigiCert® Private CA. To access and manage certificates from other other CAs, ensure that there is an active CA connector configured.

Revoke certificates in inventory using the web console

  1. From the Trust Lifecycle Manager menu, go to Inventory > Certificates.

  2. Select Revoke from the actions menu in the rightmost column of the table.

  3. In the pop-up that appears, select the reason for revocation, and select Revoke.

Revoke certificates in inventory using the API endpoint

To revoke certificates using the API, call the endpoint separately for each certificate's serial number. For more details, see the API reference documentation.

Revoke a certificate

Endpoint: PUT /mpki/api/v1/certificate/{serial_number}/revoke

The sample below shows a request to revoke one certificate.

The sample response below shows that certificate 07A2xxxxxxx8C has been revoked successfully.

Revoke multiple certificates

Endpoint: PUT /mpki/api/v1/certificate/{serial_number}/revoke

To revoke multiple certificates using API, create a custom script that calls the endpoint separately for each certificate's serial number. The sample below shows a request to revoke three certificates.

The custom script revokes one certificate at a time and returns an individual success response. The sample response below shows that certificate 09B1xxxxxxx5F has been revoked successfully.

Revoke certificates by deleting seat records

You can revoke a certificate automatically by deleting its corresponding seat record. You can do this from the web console or by using the following REST API endpoint: DELETE /mpki/api/v1/seat/{seat_id}

  • To revoke a certificate by deleting a seat record from the web console, see Delete seats.

  • To revoke a certificate by deleting a seat record using the API endpoint, see the API reference documentation.

You can also revoke certificates in bulk by deleting multiple seat records simultaneously.

In deze sectie: