API Method - revoke
Purpose
Use the “revoke” method for revoking the x509 certificates based on the certificate serial number.
Type of Method
POST
Request URL
http://www.example.com/emCAServices/rest/revoke
Request Post data Input Parameter
JSON Object Contains below parameters
Parameter | Presence | Data Type | Description |
userName | M |
String |
You need to pass username that is registered with emCA for API process. |
password | M |
String |
You need to pass the password that is registered with emCA for API process. |
signature | M |
String |
Pass the signature (signed data) in section 5 i.e., PKCS#7 data Signed Certificate Serial Number |
remarks | M | String | Pass your reason for revocation of certificate |
revokeMode |
M |
Integer | Pass the below values
0 for - Unspecified 1 for - Key Compromise 2 for - CA compromise 3 for - Affiliation 4 for - Superseded 5 for - Cessation of operation 9 for - Privilege withdrawn 10 for - AA Compromise |
Sample JSON Object
Parameter | Presence | Data Type | Description |
requestData | M | String | All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by emCA team. Pass Encrypted JSON Object. |
userName | M | String |
You need to pass username that is registered with emCA for API process. |
Header Details
Key | Presence | Value | Text |
Application / JSON | M | Content-Type | Type of request should be in JSON Format. |
Authentication Key | M | emKey | emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt). |
Sample Request Data
Process
When request is received by emCA service, we will decrypt the request JSON Object with same AES key that is shared to the client.
After successful decryption, request JSON object (Signed serial number + Username + Password + revokeMode + remarks) is retrieved.
First emCA service will validate username and password and check if the IP Address used for request and registered with the user are same.
If it is same then signed data (signature) is validated by checking whether serial number is signed by pfx which is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw error /failure message.
Response Parameters
Parameter | Data Type | Description |
response |
String |
Returns JSON Object |
JSON Object Contains below parameters.
Parameter | Data Type | Description |
status |
String |
Returns Status of the request as success if certificate revocation is successful. Returns status of the request as failure when authentication fails or unregistered user tries to call the API |
result |
String |
Returns In case of success: “Certificate revoked successfully” message will be displayed. In case of failure: error message will be displayed. |
subscriberId | String |
Returns Subscriber Id |
requestId | String |
Return Request ID null. |
Response JSON Format
Error Messages
Error Message | Description |
CRL does not exist | If CRL is not created for Issuer certificate |
Certificate already revoked | If user certificate is already revoked |
Signature verification failed | If signature parameter (certificate serial number) contains invalid certificate serial number. |
No Data Found For <serial number> | If no certificate is available for requested certificate serial number |
Last updated