Revoke Certificate

This API triggers revocation of an SSH certificate.

Before you begin

Before attempting to revoke the certificate, make sure that the certificate is in the Active state.

Request Structure

Endpoint: /ssh/cert/revoke
Type: POST
Sample URL: https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/cert/revoke?gwsource=external

To understand the elements of the sample URL, see the Reference section at the end of this page.

Headers:
Content-Type: application/json
Table 1. Request Parameters
Name (Location) Description
sessionId (Header) (Mandatory) Session ID received after login.

Type: String

Constraints: Required if username and password are not provided.

username (Header) (Mandatory) AppViewX login username.

Type: String

Constraints: Required if sessionId is not provided.

password (Header) (Mandatory) AppViewX login password.

Type: String

Constraints: Required if sessionId is not provided.

Content-Type (Header) (Mandatory) Specifies the nature of the data in the payload.

Type: String

Constraints: The value of the param should be ‘application/json’.

gwsource (Query) (Mandatory) Source from which the request is triggered. (E.g. external)

Type: String

Payload (Body) (Mandatory) Contains all the parameters to be sent in the request body for the POST request.

Type: Payload

Payload

Name Description
caName (Mandatory) Name of the CA that signed the certificate.

Type: List

groupName (Mandatory) Name of the key compliance group to which the certificate is assigned.

Type: String

serialNumber (Optional) Serial number of the certificate.

Type: String

Constraints: Required if certificate is not provided.

certificate (Optional) Certificate content.

Type: String

Constraints: Required if serialNumber is not provided.

reason (Optional) Reason for revocation.

Type: String

Response Structure

A 200 OK response returns a body of type application/json with the following parameters.

Table 2. Response Parameters
Name Description
response Contains the response message of the API.

Type: Revoke Response

message Success message of the action or failure description in case of error. Will be non-null for failure response.

Type: String

appStatusCode Application-specific status code for the response. Will be non-null for failure response.

Type: String

tags More information in case of a failure response.

Revoke Response

revokedRequests List of revoked requests.

Type: List

failedRequests List of failed requests.

Type: List

Status Codes

Table 3. Status Codes and Description
HTTP Status code appStatusCode Message and Possible remediation
200 OK NA Success
401 Unauthorized AVX_GW_003 Authentication failed, reason - Invalid Credentials

Possible remediation: Ensure that valid username and password or valid sessionId is provided as the header param.

400 Bad Request VALIDATION_ERROR_0004 Mandatory field <<field name>> is missing or or empty

Possible remediation: Check and ensure that valid value is provided for <<field name>> field in the request.

400 Bad Request ERR-SSH_NB-270 Max request size exceeded::[Max request size allowed is 25]

Possible remediation: Check and ensure that the number of requests specified in the payload is less than 25.

417 Expectation Failed ERR-SSH-NB-298 One or more groups do not have permission to perform this action.

Possible remediation: Check and ensure that the user has access to the specified key compliance group.

Sample Request/Response

Use Case

To revoke an SSH certificate using the revoke_certificate API.

Request URL
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/cert/revoke?gwsource=external
Sample Request

[
    {
      "serialNumber":"3527182657550928",
      "caName":"Default-Infra-Access-Group.user.ca",
      "reason":"test",
      "groupName":"Default_Key_Group"
    },
    {
      "certificate":"<actual certificate content should be populated here>",
      "caName":"TestHostCA",
      "reason":"test",
      "groupName":"Default_Key_Group"
    }
]
Sample Response

{
    "response": {
        "revokedRequests": [
            {
                "caIdentifier": "Default-Infra-Access-Group.user.ca",
                "error": null,
                "certificate": "<actual certificate content will be present here>",
                "serialNumber": "3527182657550928",
                "revoked": true
            }
        ],
        "failedRequests": [
            {
                "caIdentifier": "TestHostCA",
                "error": "No CA found with given name or Id",
                "certificate": "<actual certificate content will be present here>",
                "serialNumber": null,
                "revoked": false
            }
        ]
    },
    "message": "Success",
    "appStatusCode": "SSH-NB-200",
    "tags": {},
    "headers": null
}
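
Added example (not AppViewX code): the Sample Response above carries message "Success" and appStatusCode "SSH-NB-200" even though one of the two requests landed in failedRequests, so a caller has to inspect the per-request lists before treating a certificate as revoked. The sketch below validates a batch against the Payload table and extracts every request that was not revoked; the function names build_payload and not_revoked are hypothetical, the limit of 25 is taken from the ERR-SSH_NB-270 message, and the response text is a constructed copy of the page's sample.

```python
import json

MAX_BATCH = 25  # limit quoted in the page's ERR-SSH_NB-270 message


def build_payload(entries):
    """Check entries against the Payload table, then return the JSON array body."""
    if not 1 <= len(entries) <= MAX_BATCH:
        raise ValueError(f"batch must hold 1..{MAX_BATCH} requests, got {len(entries)}")
    for i, entry in enumerate(entries):
        for field in ("caName", "groupName"):
            if not entry.get(field):
                raise ValueError(f"entry {i}: mandatory field {field} is missing or empty")
        if not (entry.get("serialNumber") or entry.get("certificate")):
            raise ValueError(f"entry {i}: serialNumber or certificate is required")
    return json.dumps(entries)


def not_revoked(response_text):
    """Return (caIdentifier, serialNumber, error) for each request still unrevoked."""
    response = json.loads(response_text).get("response") or {}
    pending = list(response.get("failedRequests") or [])
    # Defensive: treat anything not explicitly revoked == true as unrevoked.
    pending += [r for r in response.get("revokedRequests") or [] if r.get("revoked") is not True]
    return [(r.get("caIdentifier"), r.get("serialNumber"), r.get("error")) for r in pending]


# Constructed response, modelled on the page's Sample Response (certificate text shortened).
SAMPLE_RESPONSE = """
{"response": {
   "revokedRequests": [{"caIdentifier": "Default-Infra-Access-Group.user.ca", "error": null,
                        "certificate": "<certificate>", "serialNumber": "3527182657550928",
                        "revoked": true}],
   "failedRequests": [{"caIdentifier": "TestHostCA", "error": "No CA found with given name or Id",
                       "certificate": "<certificate>", "serialNumber": null, "revoked": false}]},
 "message": "Success", "appStatusCode": "SSH-NB-200", "tags": {}, "headers": null}
"""

if __name__ == "__main__":
    body = build_payload([
        {"serialNumber": "3527182657550928", "caName": "Default-Infra-Access-Group.user.ca",
         "reason": "test", "groupName": "Default_Key_Group"},
    ])
    print("request body:", body)
    # message is "Success", yet one certificate was not revoked.
    for ca, serial, error in not_revoked(SAMPLE_RESPONSE):
        print(f"NOT REVOKED ca={ca} serial={serial} error={error}")
```

In an incident-response runbook, a non-empty result from not_revoked should block the "credential revoked" step from being marked complete.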

Reference

Understanding the sample URL:
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port
    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
    Note: GWPORT is not required for SaaS setups.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: /ssh/host/create
  • gwsource: Source or origin of a gateway, for example: external.
