Revoke a Certificate in Sync mode
isSync and ttl.
To enable the synchronous mode for processing certificate requests, set isSync to true. These parameters can be applied to all the Certificate Authorities (CAs) listed in the asynchronous APIs.
Before you begin
- The user should have ACF permission to revoke certificates within the specified certificate’s category.
- The certificate to be renewed should not be in the revoked or monitored state.
- The CA connector for the certificate should be available.
- The certificate should be present in a group that has RW permission.
- There should be no open work orders available for the certificate.
- The certificate should have a CRL Distribution Point.
- The CA must be configured in AppViewX from the Certificate Authority page.
- Connectivity to the CA via the chosen setting should be working correctly.
- Approval:
  - Manual approval must be enforced: To do this, set the autoApproval flag to false. Users can approve specific requests by following the After you are done section.
  - Auto-approval of certificate requests must be enabled: This is default behavior; if this attribute is not specified, by default, manual approval is bypassed and auto-approval is enabled.
Request Structure
| Endpoint: | /certificate/revoke |
| Type: | PUT |
| Sample URL: | To understand the elements of the sample URL, see References. |
| Headers | |
| Content-Type: | application/json |

| Name | Description |
|---|---|
| userName | (Mandatory) Username that is configured in AppViewX. Type: String |
| password | (Mandatory) Password of that user. Type: String |
| content-type | (Mandatory) Payload content-type with application/json value. Type: String. Constraint: The value must be application/json. |
| gwsource | (Mandatory) The source from which the request is triggered, e.g., external. Type: String |
| isSync | (Optional) Processing mode for the regeneration request. To enable the synchronous processing mode, set this to true. Type: Boolean. Possible values: true, false. Constraint: The value must be a boolean type: true or false. |
| ttl | (Optional) Duration (in seconds) for which the API response remains available for retrieval after the regeneration request is processed. After this duration lapses, the response may no longer be accessible. Type: Integer. Default value: 300 seconds. Constraint: The value must be a positive integer. |
| autoApproval | (Optional) Automatic approval workflow enforcement for processing certificate requests. If this parameter is not included in the query, auto-approval is enabled by default. To enforce a manual approval workflow for processing the certificate request, set this parameter to false. |
| Payload | Contains all the parameters to be sent in the request body for the put request. Type: Payload |
Payload
| Name | Description |
|---|---|
| resourceId | (Mandatory) Unique Mongo Id of the certificate in the AppViewX database. (It refers to the ‘resourceId’ field in the create certificate response. It can be found through the search API using commonName, serialNumber, or other search parameters.) Type: String. Constraint: Common name and either resourceId or serialNumber is mandatory. |
| commonName | (Mandatory) Common name of the certificate. Type: String. Constraint: Common name and either resourceId or serialNumber is mandatory. Note: commonName field is optional for Code Signing certificates. |
| serialNumber | (Mandatory) Serial number of the certificate. Type: String. Constraint: Common name and either resourceId or serialNumber is mandatory. |
| reason | (Mandatory) Reasons for revoking the certificate. Type: String |
| comments | (Mandatory) Additional comments for revoking the certificate. Type: String. Constraint: Comments field is mandatory for some revoke reasons alone. Refer to the valid reason for CAs table below. |

| Certificate Authority | Reasons | Comments Required |
|---|---|---|
| Entrust | Superseded | No |
| Entrust | Cessation of operation | No |
| Entrust | Affiliation changed | No |
| Entrust | Key compromised | Yes |
Response Structure
| Name | Description |
|---|---|
| response | Contains the response attributes for the revoke request. |
| resourceId | Identifier of the certificate record that has been created. Type: String |
| requestId | Open work order request ID. Type: String |
| certStatus | Status of the certificate action request. Type: String |
| message | Success message or failure description in case of error. Type: String |
| appStatusCode | Application specific status code for the response. It is a non-null value for a failure response. Type: String |
| tags | Additional information in case of failure response. |
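
The payload constraints and response fields above can be checked on the client before and after the call. The following is an added example, not AppViewX code: the function names are hypothetical, only the Entrust reasons listed on this page are covered, and sending gwsource, isSync and ttl in the query string alongside autoApproval is an assumption.

```python
from urllib.parse import urlencode

# Reason -> "comments required", copied from the Entrust rows of the table above.
ENTRUST_REASONS = {
    "Superseded": False,
    "Cessation of operation": False,
    "Affiliation changed": False,
    "Key compromised": True,
}


def build_revoke_request(payload, is_sync=True, ttl=300, auto_approval=None,
                         gwsource="external"):
    """Validate the documented constraints; return (query_string, body)."""
    errors = []
    # commonName is not enforced here: the page's own sample request omits it.
    if not (payload.get("resourceId") or payload.get("serialNumber")):
        errors.append("either resourceId or serialNumber is mandatory")
    reason = payload.get("reason")
    if reason not in ENTRUST_REASONS:
        errors.append(f"reason {reason!r} is not a listed Entrust reason")
    elif ENTRUST_REASONS[reason] and not (payload.get("comments") or "").strip():
        errors.append(f"comments are required for reason {reason!r}")
    if not isinstance(is_sync, bool):
        errors.append("isSync must be a boolean")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        errors.append("ttl must be a positive integer")
    if errors:
        raise ValueError("; ".join(errors))
    query = {"gwsource": gwsource, "isSync": str(is_sync).lower(), "ttl": ttl}
    if auto_approval is not None:  # omitted means auto-approval (the default)
        query["autoApproval"] = str(auto_approval).lower()
    return urlencode(query), dict(payload)


def revocation_confirmed(api_response):
    """True only if the body reports certStatus 'Revoked' and a null appStatusCode."""
    inner = api_response.get("response") or {}
    return (inner.get("certStatus") == "Revoked"
            and api_response.get("appStatusCode") is None)
```

Treat the certificate as revoked only when `revocation_confirmed` returns True for the parsed response body; a transport-level success alone does not show that the CA processed the revocation.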
Status Codes
Sample Request/Response

```json
{
  "resourceId": "5fa27b7ffee3a70235a5816d",
  "reason": "Superseded"
}
```

```json
{
  "response": {
    "resourceId": "<Certificate ID>",
    "requestId": "<Certificate WF Request ID>",
    "certStatus": "Revoked"
  },
  "message": "Certificate Revoke action executed successfully",
  "appStatusCode": "<Error Code>",
  "tags": {},
  "headers": null
}
```

What's next?
References
- IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
  - IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication. The IP address will be included in the endpoint URL for an on-prem deployment.
  - HostName: A human-readable label assigned to a device (host) on a network. The hostname will be included in the endpoint URL for an on-prem deployment.
  - TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify. The tenant name will be included in the endpoint URL for a SaaS deployment.
- GWPORT: AppViewX gateway port. A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment. Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL.
- Endpoint: Endpoint of the API, for example: execute-hook
- gwsource: Source or origin of a gateway, for example: external.
