Revoke-Certificate function
While not required, implementing logic for this function is strongly recommended as revocation is functionality that every CA is expected to support, and a standard feature of Trust Protection Platform. This function is called whenever a user requests that a certificate be revoked and corresponds to Processing Stage 1400.
Variable Name |
Data Type |
Description |
---|---|---|
CertId |
String |
Text used by the CA to uniquely identify the certificate being revoked. |
CertPem |
String |
The raw X.509 certificate being revoked is in base64-encoded PEM format. |
ReasonCode |
Integer |
One of the following RFC 5280 Revocation Reason Codes: 0=Unspecified 1=Key Compromised 2=Affiliation Changed 3=Superseded 4=Cessation of Operation |
Comment |
String |
An optional string that explains why the certificate is being revoked. |
Variable Name |
Data Type |
Description |
---|---|---|
AuxPass |
String |
The password portion of the Secondary Credential when a user name or a password credential is assigned, or the PKCS#12 password when a certificate credential is assigned |
AuxPfxData |
Byte Array |
A PKCS#12 byte array that contains a client certificate and private key when a certificate credential is assigned as the Secondary Credential |
AuxUser |
String |
The user name portion of the Secondary Credential when a user name credential is assigned |
CertObjDN |
String |
Venafi distinguished name (DN) of the certificate object in the policy tree |
CustomFields |
Hashtable |
Hash table keys are Custom Field labels and the values are strings (single-valued) or string arrays (multi-valued). |
OAuthAccessToken |
String |
OAuth token passed to the PowerShell script. Tokens are passed only after you've provided the required information in the WebSDK OAuth Token Configuration settings of the Adaptable object. See Configuring the Adaptable CA object. How it worksWhen used, each time your script is called, Trust Protection Platform requests a new token automatically. Each new token is associated with both the specified user and with the referenced application ID. After the script finishes running, Trust Protection Platform revokes the token automatically. To get started, see Adaptable CA prerequisites. |
PfxData |
Byte Array |
PKCS#12 keystore containing client certificate and private key for authenticating with the CA; this and the PfxPass are used together to instantiate an X509Certificate2 object for client certificate authentication. |
PfxPass |
SecureString |
Password for access to the private key of the PfxData PKCS#12 |
UserName |
String |
User name for authenticating with the CA |
UserPass |
String |
Password for authenticating with the CA |
WebSdkUrl |
String |
String representing the fully-qualified domain name to the WebSDK of your Trust Protection Platform server. For information on where this variable data is set, see Trust Protection Platform server configuration. |
Return |
Data Type |
Description |
---|---|---|
Result |
String |
Shows "Success" or "NotUsed" to indicate the non-error completion state. |
For information about processing stages, see About certificate lifecycle management.