Skip to content

Revoke-PACertificate

Synopsis

Revoke an ACME certificate

Syntax

MainDomain (Default)

Revoke-PACertificate [[-MainDomain] <String>] [-Name <String>] [-Reason <RevocationReasons>] [-Force] [-WhatIf]
 [-Confirm] [<CommonParameters>]

CertFile

Revoke-PACertificate -CertFile <String> [-KeyFile <String>] [-Reason <RevocationReasons>] [-Force] [-WhatIf]
 [-Confirm] [<CommonParameters>]

Description

Any certificate created with the current ACME account can be revoked. If you need to revoke a certificate not created with the current account, you either need to specify both CertFile and KeyFile. If you don't have the private key, you will need to go through the authorization process on this account for all names in the certificate and just specify CertFile.

Note

Revoking a certificate is discouraged unless the private key is known to have been compromised. Revoking certs that simply aren't being used anymore is a waste of CA resources.

Examples

Example 1: Revoke Order Cert

Get-PAOrder | Revoke-PACertificate -Force

Revokes the certificate associated with the current order and skips the confirmation prompt.

Example 2: Revoke with Reason

Get-PACertificate | Revoke-PACertificate -Reason keyCompromise

Revokes the current certificate with the specified reason.

Example 3: Revoke External Cert

Revoke-PACertificate -CertFile mycert.crt -KeyFile mycert.key

Revokes the specified cert using the specified private key.

Parameters

-MainDomain

The primary domain associated with the certificate to be revoked.

Type: String
Parameter Sets: MainDomain
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Name

The name of the ACME order. This can be useful to distinguish between two orders that have the same MainDomain.

Type: String
Parameter Sets: MainDomain
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-CertFile

A PEM-encoded certificate file to be revoked.

Type: String
Parameter Sets: CertFile
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-KeyFile

The PEM-encoded private key associated with CertFile. If not specified, the current ACME account will be used to sign the request.

Type: String
Parameter Sets: CertFile
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Reason

The reason for cert revocation. This must be one of the reasons defined in RFC 5280 including keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, and aACompromise. NOTE: Some reason codes are not supported by some ACME CAs.

Type: RevocationReasons
Parameter Sets: (All)
Aliases:
Accepted values: keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Force

If specified, the revocation confirmation prompt will be skipped.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

New-PACertificate