Revoke Certificate API

Rimuru · January 4, 2024, 12:46pm

I am testing revoke API in the staging environment using two accounts, say A and B. Now I issued a certificate for my website xyz.com using A -> certificate C_a and using B->certificate C_b.

Now, if I try to revoke the certificate C_a using the private key of account B, it is working fine and C_a is revoked!
One possible explanation I can think of is this-
an account that holds authorizations for all of the identifiers in the certificate.

Is this the correct explanation or an I missing something?

JamesLE · January 4, 2024, 12:49pm

Yes, that is likely the correct explanation: an ACME registration that has a valid authorization for a hostname can revoke any certificate for that hostname, except for certs that also contain other hostnames not covered by its authorizations.

Rimuru · January 4, 2024, 12:53pm

So, if B has issued certificates for xyz. com and abc. com separately, can it revoke a single certificate issued by A for xyz. com and abc. com?

JamesLE · January 4, 2024, 12:54pm

I think so, yes.

system · February 3, 2024, 12:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate download by third party accounts Client dev	18	995	September 1, 2023
Upcoming changes to revocation reasons API Announcements	1	1540	September 21, 2022
Insufficient authz for names in cert during revocation Help	16	787	April 21, 2023
Change in Revocation Methods Due to a (now patched) ACME bug API Announcements	1	2937	December 13, 2021
Exhaustive API's for certificate creation, renewal and revocation Client dev	3	2166	December 23, 2018

Revoke Certificate API

Related topics