Request

Endpoint: !autoRevokeCertificate

https://secure.trust-provider.com/products/!autoRevokeCertificate

When autoRevokeCertificate is called for an order containing an issued certificate, the certificate will be revoked, unless includeInCRL=N, and marked as replaced.

This does not apply to VMC/CMC products.

When autoRevokeCertificate is called for an order containing a certificate that has not been issued, the certificate will be marked as rejected.

After calling autoRevokeCertificate with includeInCRL=N to mark the certificate as replaced, autoRevokeCertificate may subsequently be called again with includeInCRL=Y to change the certificate status from replaced to revoked and to include that certificate in the Certificate Revocation List (CRL).

Not relevant for VMC/CMC products.

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

Request parameters

The following table displays the required, optional, and conditional parameters.

| Parameter | Requirement | Type | Max. length | Description |
| --- | --- | --- | --- | --- |
| loginName | required | string | 64 chars | Your account username. This value is case sensitive. |
| loginPassword | required | string | 128 chars | Your account password. This value is case sensitive. |
| orderNumber | conditional | integer | | The order number of the account which contains SSL, IdA, PAC, CCC, CS certificates. Either orderNumber, certificateID, or serialNumber must be provided. |
| certificateID | conditional | integer | 16 digits | The internal certificate ID to revoke or reject. A certificateID previously returned by !AutoApplySSL, !AutoReplaceSSL, or !AutoApplyIdA. Not relevant for VMC/CMC products. Either orderNumber, certificateID, or serialNumber must be provided. |
| serialNumber | conditional | integer | 34 digits | The serial number (hexadecimal string representation) of the certificate to revoke. Not relevant for VMC/CMC products. Either orderNumber, certificateID, or serialNumber must be provided. |
| accountID | optional | integer | | The account ID of a Reseller account. loginName and loginPassword must be the Reseller’s login credentials. |
| revocationReason | optional | string | 1024 chars | A comment describing the reason for revocation. This information is used for your reference only. No action by Sectigo will be taken based on this information. |
| codeReason | optional | string | | Specifies the code for the revocation reason. Allowed values: 0 (Unspecified), 1 (keyCompromise), 3 (affiliationChanged), 4 (superseded), 5 (cessationOfOperation). For more information, see CPS. |
| productCode | optional | char | 50 chars | Specifies the type of certificate to revoke. Allowed values: SSL, IDA, CS, PAC, CCC, DS, EIDAS, EMC. |
| product | optional | integer | | Specifies the ID of the product to revoke for SSL, S/MIME, IdA, PAC, CCC, CS and MC. Use with the orderNumber parameter. |
| includeInCRL | optional | char | 1 char | (CS, CCC, and PAC certificates only) Specifies whether to include the revoked certificate in the CRL. Allowed values: Y (the certificate’s serial number will be included in CRLs), N (the certificate’s serial number won’t be included in CRLs). If omitted, the value defaults to Y. |
| test | optional | char | 1 char | Indicates whether the revocation is a test operation. Allowed values: Y (the certificate will not actually be revoked or rejected), N (the certificate will be revoked). If omitted, the value defaults to N. |
| responseFormat | optional | integer | 1 digit | Specifies the response format. Allowed values: 0 (newline-delimited parameters), 1 (URL-encoded parameters). If omitted, the value defaults to 0. |

revocationReason can be (but should not be) omitted. If omitted, the error code -23 will be returned instead of the error code -26, provided that the certificate is currently being issued.

Sample request

curl --location 'https://secure.trust-provider.com/products/!autoRevokeCertificate' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'loginName=login_name' \
--data-urlencode 'loginPassword=login_password' \
--data-urlencode 'orderNumber=1234567890' \
--data-urlencode 'revocationReason=reason_for_revocation' \
--data-urlencode 'codeReason=0' \
--data-urlencode 'responseFormat=1'

Response

The request is successful when the server returns a response with a status code equal to 0.

Any status code less than 0 indicates an error condition.

The list of codes and their descriptions can be found in Error codes.

The response is text/plain when responseFormat=0 (the default).

If the status code is less than 0, the second line of the response is a textual representation of an error message.

autoRevokeCertificate can be instructed to return responses in the URL-encoding format by specifying responseFormat=1 in the request. The MIME type will be application/x-www-form-urlencoded.

Response parameters

When responseFormat=1, the response contains the following parameters:

  • errorCode — The error code represented by an integer. It’s always present in the response.

  • errorMessage — The explanation of the error represented by a string. This parameter is not present when errorCode=0.

Sample success response

Success response with the code 0.

0

Sample error response

errorCode=-16&errorMessage=Incorrect+login+details%2C+account+is+locked%2C+password+has+expired+or+your+source+IP+is+blocked.

Error codes

The following table outlines error responses returned by the autoRevokeCertificate API endpoint. Each error response consists of an errorCode and an errorMessage indicating why the request failed.

| Error code | Error message | Description |
| --- | --- | --- |
| -1 | Request was not made over https! | The request must use HTTPS protocol. |
| -2 | 'xxxx' is an unrecognised argument! | The provided argument is not recognized. |
| -3 | The 'xxxx' argument is missing! | The required argument is missing from the request. |
| -4 | The value of the 'xxxx' argument is invalid! | The argument value does not meet validation requirements. |
| -14 | An unknown error occurred! | An unknown error occurred. |
| -16 | Incorrect login details, account is locked, password has expired or your source IP is blocked. | Authentication failed due to permission issues, incorrect login, locked account, expired password, or blocked IP. |
| -17 | Request used GET rather than POST! | The request method should be POST. |
| -20 | The certificate request has already been rejected! | The requested certificate is in a rejected state. |
| -21 | The certificate has already been revoked! | The requested certificate is in a revoked state. |
| -23 | The certificate is currently being issued! | The required certificate is in the process of being issued. When the revocationReason parameter is omitted in the request, -23 will be returned instead of -26. |
| -26 | The certificate is currently being issued! | The requested certificate is in the process of being issued. |
| -34 | The certificate has already been replaced!. | The certificate cannot be revoked because it has been replaced. |
| 35 | The Certificate does not allow revocation after expiry! | The certificate cannot be revoked because it is expired. |
| -42 | Call limit reached! Please try again later | The maximum number of allowed API requests has been exceeded. Please wait before submitting additional requests. |
| -43 | Certificate is not in a revocable state | The certificate cannot be revoked in its current state. |
| -160 | Failed to revoke certificate. | The certificate revocation failed due to a general error. |
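
The Python below is an added example, not part of the original documentation and not Sectigo's code. It checks a request against the parameter rules in the request table and parses both response formats; the function names, and the choice to treat -21 as a completed revocation, are assumptions.

```python
from urllib.parse import urlencode, parse_qs

CODE_REASONS = {0, 1, 3, 4, 5}  # allowed codeReason values listed on this page
MAX_LEN = {"loginName": 64, "loginPassword": 128, "revocationReason": 1024}
ID_FIELDS = ("orderNumber", "certificateID", "serialNumber")


def build_body(params):
    """Validate params against the documented rules; return the POST body."""
    for field in ("loginName", "loginPassword"):
        if not params.get(field):
            raise ValueError(f"{field} is required")
    if not any(params.get(f) for f in ID_FIELDS):
        raise ValueError("orderNumber, certificateID or serialNumber is required")
    for field, limit in MAX_LEN.items():
        if len(str(params.get(field, ""))) > limit:
            raise ValueError(f"{field} exceeds {limit} chars")
    if "codeReason" in params and int(params["codeReason"]) not in CODE_REASONS:
        raise ValueError("codeReason must be one of 0, 1, 3, 4, 5")
    for flag in ("includeInCRL", "test"):
        if params.get(flag, "Y") not in ("Y", "N"):
            raise ValueError(f"{flag} must be Y or N")
    return urlencode(params)  # application/x-www-form-urlencoded


def parse_response(text, response_format=0):
    """Return (errorCode, errorMessage or None) for either response format."""
    if response_format == 1:
        # URL-encoded: errorCode is always present, errorMessage only on error.
        fields = parse_qs(text.strip(), keep_blank_values=True)
        code = int(fields["errorCode"][0])
        message = fields.get("errorMessage", [None])[0]
    else:
        # Newline-delimited: line 1 is the status code, line 2 the error text.
        lines = text.strip().splitlines()
        code = int(lines[0])
        message = lines[1] if code < 0 and len(lines) > 1 else None
    return code, message


def revocation_done(code):
    """Assumption: -21 (already revoked) counts as done, so reruns are safe.
    -34 (already replaced) is deliberately not treated as done."""
    return code in (0, -21)
```

POST the returned body to the endpoint with Content-Type application/x-www-form-urlencoded. For a key compromise, send codeReason=1 and leave includeInCRL at its default of Y so the serial number is published in the CRL; test=Y gives a dry run first.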