Revoke-Certificate function

While not required, implementing logic for this function is strongly recommended as revocation is functionality that every CA is expected to support, and a standard feature of Trust Protection Platform.  This function is called whenever a user requests that a certificate be revoked and corresponds to Processing Stage 1400.

Specific hash table variables

Variable Name

Data Type

Description

CertId

String

Text used by the CA to uniquely identify the certificate being revoked.

CertPem

String

The raw X.509 certificate being revoked is in base64-encoded PEM format.

ReasonCode

Integer

One of the following RFC 5280 Revocation Reason Codes:

0=Unspecified

1=Key Compromised

2=Affiliation Changed

3=Superseded

4=Cessation of Operation

Comment

String

An optional string that explains why the certificate is being revoked.

General hash table variables

Variable Name

Data Type

Description

AuxPass

String

The password portion of the Secondary Credential when a user name or a password credential is assigned, or the PKCS#12 password when a certificate credential is assigned

AuxPfxData

Byte Array

A PKCS#12 byte array that contains a client certificate and private key when a certificate credential is assigned as the Secondary Credential

AuxUser

String

The user name portion of the Secondary Credential when a user name credential is assigned

CertObjDN

String

Venafi distinguished name (DN) of the certificate object in the policy tree

CustomFields

Hashtable

Hash table keys are Custom Field labels and the values are strings (single-valued) or string arrays (multi-valued).

OAuthAccessToken

String

OAuth token passed to the PowerShell script. Tokens are passed only after you've provided the required information in the WebSDK OAuth Token Configuration settings of the Adaptable object. See Configuring the Adaptable CA object.

How it works

When used, each time your script is called, Trust Protection Platform requests a new token automatically. Each new token is associated with both the specified user and with the referenced application ID. After the script finishes running, Trust Protection Platform revokes the token automatically. To get started, see Adaptable CA prerequisites.

PfxData

Byte Array

PKCS#12 keystore containing client certificate and private key for authenticating with the CA; this and the PfxPass are used together to instantiate an X509Certificate2 object for client certificate authentication.

PfxPass

SecureString

Password for access to the private key of the PfxData PKCS#12

UserName

String

User name for authenticating with the CA

UserPass

String

Password for authenticating with the CA

WebSdkUrl

String

String representing the fully-qualified domain name to the WebSDK of your Trust Protection Platform server. For information on where this variable data is set, see Trust Protection Platform server configuration.

Returns

Return

Data Type

Description

Result

String

Shows "Success" or "NotUsed" to indicate the non-error completion state.

For information about processing stages, see About certificate lifecycle management.