Revoke Certificate API

I am testing revoke API in the staging environment using two accounts, say A and B. Now I issued a certificate for my website xyz.com using A -> certificate C_a and using B->certificate C_b.

Now, if I try to revoke the certificate C_a using the private key of account B, it is working fine and C_a is revoked!
One possible explanation I can think of is this-
an account that holds authorizations for all of the identifiers in the certificate.

Is this the correct explanation or an I missing something?

Yes, that is likely the correct explanation: an ACME registration that has a valid authorization for a hostname can revoke any certificate for that hostname, except for certs that also contain other hostnames not covered by its authorizations.

4 Likes

So, if B has issued certificates for xyz. com and abc. com separately, can it revoke a single certificate issued by A for xyz. com and abc. com?

I think so, yes.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.