Revoke order certificates

PUT
https://www.digicert.com/services/v2/order/certificate/{{order_id}}/revoke

Use this endpoint to submit a request to revoke all certificates on an order.

This operation revokes all certificates on an order, including duplicates and reissues. To revoke only a single certificate on an order, use the Revoke certificate endpoint.

Revoking a certificate is permanent. For most implementations, revoking a code signing or document signing certificate invalidates past signatures and timestamps on code or documents signed by the certificate.

Skip the approval step

After submitting the request, an administrator must approve it before DigiCert can revoke the certificate.

To skip the approval step and submit the request directly to DigiCert for revocation, include "skip_approval": true in the body of your request. To skip the approval step, the API key must have admin privileges. See Authentication.

Example request and response

Skip approval step (cURL) 
curl -X PUT \
  'https://www.digicert.com/services/v2/order/certificate/{{order_id}}/revoke' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
  "skip_approval": true
}'
Create revocation request (cURL) 
curl -X PUT \
  'https://www.digicert.com/services/v2/order/certificate/{{order_id}}/revoke' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
  "comments": "I no longer need this certificate."
}'
204 (Skip approval step) 
// empty
201 (Create revocation request) 
{
  "id": 1,
  "date": "2016-02-10T17:06:15+00:00",
  "type": "revoke",
  "status": "pending",
  "requester": {
    "id": 242140,
    "first_name": "John",
    "last_name": "Doe",
    "email": "j.doe@example.com"
  },
  "comments": "I no longer need this certificate."
}

Request parameters

Name Req/Opt Type Description
comment optional string Message to associate with the revocation request. Use this field to add a comment to the request for the request approver.

Note: DigiCert only stores the comment value on revocation requests. If skip_approval is true and the requestor has admin privileges, DigiCert revokes the certificate without creating a request, and we do not store the comment value.
skip_approval optional bool If true, the revoke request skips the approval step and is immediately submitted to DigiCert for revocation. Otherwise, false (default).

Note: For skip approvals to work, the API key must have admin privileges.

Response parameters

If you skip the approval step, the API returns a status of 204 (No Content) instead of these fields.

Name Type Description
id int Request ID.
date string Timestamp of when the revoke request was submitted.

Format: UTC timezone and ISO 8601 date
type string Request type.

Possible values: revoke
status string Status of the revoke request.

Possible values: submitted, pending, approved, rejected
requester object Details about the user that placed the request. See Structures – User details object.
.. id int User ID.
.. first_name string First name of user.
.. last_name string Last name of user.
.. email string Email address of user.
comments string Message about the revoke request.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.