ACMEv2 unable to revoke using account key


#1

Per the draft 9 spec, “The server MUST consider at least the following accounts authorized for a given certificate: the account that issued the certificate.”

However, using the acmev2 staging server, if I revoke using that account, I get a 403 with the detail of “JWK embedded in revocation request must be the same public key as the cert to be revoked”.


#2

Looks like you might need to use the kid method if the signer is the ACME Account Key, whereas JWK is used when the signer is the Certificate Private Key.
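The distinction described in the reply above, as an added example that is not part of the original thread or of any ACME client's code: it builds the JWS protected header for a revocation request in both modes and runs a client-side preflight that catches the mismatch behind the 403 in the first post. The function names, URLs and key values are constructed for illustration, and comparing keys by RFC 7638 thumbprint is an assumption of this sketch, not a statement of how the server compares them.

```python
import base64
import hashlib
import json

# Required JWK members per key type for an RFC 7638 thumbprint.
_THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint; ignores optional members such as "use"."""
    members = {k: jwk[k] for k in _THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def revoke_header(url, nonce, alg, *, account_url=None, signer_jwk=None):
    """Protected header for a revocation request: "kid" when the account key
    signs, "jwk" when the certificate's own private key signs. Never both."""
    if (account_url is None) == (signer_jwk is None):
        raise ValueError("supply exactly one of account_url or signer_jwk")
    header = {"alg": alg, "nonce": nonce, "url": url}
    if account_url is not None:
        header["kid"] = account_url
    else:
        header["jwk"] = signer_jwk
    return header

def preflight(header: dict, cert_jwk: dict):
    """Client-side check before sending; returns an error string or None."""
    if ("kid" in header) == ("jwk" in header):
        return "header must carry exactly one of kid or jwk"
    if "jwk" in header and jwk_thumbprint(header["jwk"]) != jwk_thumbprint(cert_jwk):
        return ("JWK embedded in revocation request must be the same "
                "public key as the cert to be revoked")
    return None

# Constructed sample values (not real keys or endpoints).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "YWNjb3VudC14", "y": "YWNjb3VudC15"}
CERT_JWK = {"kty": "EC", "crv": "P-256", "x": "Y2VydC14", "y": "Y2VydC15", "use": "sig"}
REVOKE_URL = "https://acme.example/revoke-cert"   # hypothetical endpoint
ACCOUNT_URL = "https://acme.example/acct/1"       # hypothetical account URL

if __name__ == "__main__":
    wrong = revoke_header(REVOKE_URL, "nonce-1", "ES256", signer_jwk=ACCOUNT_JWK)
    right = revoke_header(REVOKE_URL, "nonce-2", "ES256", account_url=ACCOUNT_URL)
    print("account key embedded as jwk:", preflight(wrong, CERT_JWK))
    print("account key referenced by kid:", preflight(right, CERT_JWK))
```

A header that passes this preflight with `kid` still depends on the server deciding that the account is authorized for the certificate; the check only covers the header shape and the embedded-key match.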


#3

That’s correct. Thanks!


#4

Ok, I see. I wonder if the “jwk” bullet point in section 6.2 should be clarified. Thanks for the clarification.

