
Revocation Syntax for Request ID

Open Flyslinger2 opened this issue 1 year ago • 9 comments

I need to revoke certs based on the Request ID. I've scoured the interwebs and have not had any luck.

Can someone please provide an example?

Thanks

Flyslinger2 avatar Jun 13 '24 11:06 Flyslinger2

Have you looked at the Revoke-Certificate command examples: https://www.pkisolutions.com/tools/pspki/Revoke-Certificate?

Crypt32 avatar Jun 13 '24 13:06 Crypt32

Yes. I referenced that before submitting the ticket. I want to filter on Request ID.

Flyslinger2 avatar Jun 13 '24 15:06 Flyslinger2

Look at the last example. Just replace Get-RevokedCertificate with Get-IssuedCertificate, for example:

Get-CertificationAuthority MyCA | Get-IssuedRequest -ID 17 | Revoke-Certificate -Reason "KeyCompromise"

Crypt32 avatar Jun 13 '24 17:06 Crypt32

Nothing happens with this syntax. PowerShell comes back with a prompt immediately. No error messages and cert status never changes.

Flyslinger2 avatar Jun 17 '24 20:06 Flyslinger2

Then your command has incorrect parameters.

Crypt32 avatar Jun 18 '24 06:06 Crypt32

Attached is a screen shot of my command. Sadly I live in the air-gapped world so I have no capabilities to copy down files.

Revoke Issue

Flyslinger2 avatar Jun 18 '24 12:06 Flyslinger2

And what does your text file content look like?

Crypt32 avatar Jun 18 '24 13:06 Crypt32

Revoke Issue REQ ID List

Flyslinger2 avatar Jun 18 '24 17:06 Flyslinger2

Resolved the issue. I had to use FQDN in replacement of "MyCA".

Flyslinger2 avatar Jun 24 '24 19:06 Flyslinger2
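
The thread's outcome (a CA lookup that matched nothing made the whole pipeline a silent no-op) as a guarded batch revocation. This is an added example, not code from the thread or from the PSPKI project. The CA FQDN is a placeholder, the file name is hypothetical, and the one-Request-ID-per-line file layout is an assumption, since the original list was only posted as a screenshot.

```powershell
# Added example, not from the thread. Requires the PSPKI module.
Import-Module PSPKI

$CaHost = 'ca01.example.test'   # placeholder: FQDN of the CA server
$IdFile = '.\request-ids.txt'   # hypothetical file, one Request ID per line (assumed layout)
$Reason = 'KeyCompromise'

# If the CA lookup returns nothing, everything piped from it does nothing
# and reports no error, so fail loudly here instead.
$ca = Get-CertificationAuthority $CaHost
if (-not $ca) { throw "No CA found for '$CaHost'; nothing would be revoked." }

# Keep only lines that are plain integers and report anything else.
$ids = foreach ($line in Get-Content -Path $IdFile) {
    $t = $line.Trim()
    if ($t -match '^\d+$') { [int]$t }
    elseif ($t) { Write-Warning "Skipping non-numeric line: '$t'" }
}

foreach ($id in $ids) {
    # Same lookup as the command posted in the thread.
    $row = $ca | Get-IssuedRequest -ID $id
    if (-not $row) {
        Write-Warning "Request ID $id not found among issued certificates on $CaHost."
        continue
    }
    $row | Revoke-Certificate -Reason $Reason | Out-Null

    # Confirm the request now appears in the CA's revoked view.
    $revoked = $ca | Get-RevokedRequest -Filter "RequestID -eq $id"
    if ($revoked) { Write-Output "Request ID $id revoked ($Reason)." }
    else { Write-Warning "Request ID $id is still not listed as revoked." }
}
```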