Revoke a certificate using automated certificate management

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:5分

    • Revoke certificate for an application. Revocation doesn't require approval if order Id and certificate Id are present in the Certificate Extension table. If order Id and certificate Id aren't present in the Certificate Extension table, then you need approval.

    始める前に

    Set up the routing policy for automated certificate management to ensure the Certificate Management catalog is enabled.

    To revoke an existing certificate, make sure the certificate has its extension details populated in the [sn_disco_certmgmt_certificate_extension] table. You don't need to include an endpoint URL. The system will automatically hardcode the revoke URLs for the discovery. Currently, these details populate automatically by the Discovery DigiCert CA Pattern or for any certificates created through the automated flow. However, for Entrust certificates, this only works if you Request new certificate using automated certificate management.

    Role required: pki_admin or admin

    注:
    Currently, approvals are only supported in the Fulfiller approval experience.

    手順

    1. Navigate to All > Service Catalog > Certificate Management.
    2. Select Revoke Certificate – Automated flow.
    3. Enter the Issued Certificate which you want to revoke (for instance: www.undefined.com).
      Multiple Certificates can be selected for revoking.
    4. Provide an appropriate reason for revoking the certificate.
      For Microsoft CA the reason should be an integer. If any other value is given, a default value of 0 will be used which means unspecified.
    5. To place the revoke order, select Submit.
    6. In the confirmation pop-up, select OK.

    タスクの結果

    1. A task is automatically created when you request a revocation.
      • If order Id and certificate Id are present in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table, revocation does not require approval.
      • If order Id and certificate Id aren't present in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table, then the task requests approval.
      • If the serial number for Entrust CA Gateway isn't present in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table, then the task requests approval.
    2. Once the PKI team provides approval, the mapping between the certificate and CA occurs based on the Routing policy selected.
    3. This triggers the revocation operation for the CA selected which uses the CA APIs.
    4. Details are stored in the Certificate Extension table.
    5. Every 30 minutes, the following scheduled job runs and checks for status: DigiCert – Track Certificate Order Status.
      注:
      There are no scheduled jobs for Entrust CA Gateway and Microsoft CA.
    6. The status of the certificate is marked as revoked.
    注:

    Certificates can't be revoked if Certificate Authority or Certificate Id details are missing in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table. For Entrust CA Gateway, certificates can't be revoked if the Serial number is missing. Discover the certificate via Certificate Authority query to populate the required details in the Certificate Extension table. After that, Discovery selects the routing policy and approves the task.

    Revoke certificate API request. If "skip_approval" is true, the revoke process is completed faster. If "skip_approval" is false, the revoke process is completed when the DigiCert or Entrust CA Gateway admin has approved or rejected the revoke request. To skip the approval step, the API key must have admin privileges.