Revoke certificate

PUT
https://www.digicert.com/services/v2/certificate/{{certificate_identifier}}/revoke

Use this endpoint to submit a request to revoke a single certificate on an order. In the endpoint path, replace certificate_identifier with the certificate ID or serial number of the certificate to revoke.

To submit a request to revoke the entire order, use the Revoke order certificates endpoint.

Revoking a certificate is permanent. For most implementations, revoking a code signing or document signing certificate invalidates past signatures and timestamps on code or documents signed by the certificate.

Certificates with a pending reissue order cannot be revoked. To revoke a certificate with a pending reissue, either cancel the reissue request or revoke the certificate after the reissue is complete.

Skip the approval step

After submitting the request, an administrator must approve it before DigiCert can revoke the certificate.

To skip the approval step and submit the request directly to DigiCert for revocation, include "skip_approval": true in the body of your request. To skip the approval step, the API key must have admin privileges. See Authentication.

What happens if I revoke a certificate on an order with only a single certificate?

When you revoke a certificate on an order with only a single certificate:

  • The order is still active.
  • You can still reissue a certificate on that order.
    If you do not plan to reissue a certificate for the order, use the Revoke order certificates endpoint to submit a request to revoke the order.
  • No refund is provided for a revoked certificate on an order.

To change this behavior such that revoking the only certificate on the order also revokes the entire order, follow these steps:

  1. Sign in to your CertCentral account.
  2. In the left menu, go to Settings > Preferences.
  3. On the Preferences page, expand Advanced settings.
  4. Under Certificate Revocations (API Only), select Revoke order when all certificates are revoked.
    This setting only applies to the Revoke certificate endpoint in the Services API. To revert to the default behavior, select Revoke individual certificates.
  5. Scroll to the bottom of the page and click Save Settings.

Example requests and responses

cURL 
curl -X PUT \
  'https://www.digicert.com/services/v2/certificate/{{certificate_identifier}}/revoke' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
  "comments": "I no longer need this cert.",
  "skip_approval": true
}'
Python 
import requests

url = "https://www.digicert.com/services/v2/certificate/{{certificate_identifier}}/revoke"

payload = "{\n  \"comments\": \"I no longer need this cert.\",\n \"skip_approval\":true\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json"
    }

response = requests.request("PUT", url, data=payload, headers=headers)

print(response.text)
Go 
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://www.digicert.com/services/v2/certificate/{{certificate_identifier}}/revoke"

	payload := strings.NewReader("{\n  \"comments\": \"I no longer need this cert.\,"\n \"skip_approval\":true\n}")

	req, _ := http.NewRequest("PUT", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
NodeJS 
var request = require("request");

var options = { method: 'PUT',
  url: 'https://www.digicert.com/services/v2/certificate/{{certificate_identifier}}/revoke',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: { comments: 'I no longer need this cert.', 
	    skip_approval: true},   
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
201 Created 
{
  "id": 1,
  "date": "2016-02-10T17:06:15+00:00",
  "type": "revoke",
  "status": "pending",
  "requester": {
    "id": 14,
    "first_name": "John",
    "last_name": "Smith",
    "email": "john.smith@digicert.com"
  },
  "comments": "I no longer need this cert."
}
204 No Content (skip approval) 
// empty

Path parameters

Name Req/Opt Description
certificate_identifier required Value that identifies the certificate to revoke. Accepts the certificate ID or serial number.

Request parameters

Name Req/Opt Type Description
comments optional string Message about the revoke request.
skip_approval optional bool If true, the revoke request skips the approval step and is immediately submitted to DigiCert for revocation. Otherwise, false.
Default: false
Note: To skip the approval step, the API key must have admin privileges.

Response parameters

Name Type Description
id int Request ID.
date string Timestamp of when the request was submitted.
Format: UTC timezone and ISO 8601 date
type string Request type.
Possible values: revoke
status string Status of the revoke request.
Possible values: submitted, pending, approved, rejected
requester object Details about the user that placed the request.
See Structures – User details object.
.. id int User ID.
.. first_name string First name of user.
.. last_name string Last name of user.
.. email string Email address of user.
comments string Message about the revoke request.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.