PKI CA REVOKE

Level

pki+modify

History

Appears in 9.0.0
scope appears in 3.7.0

Description

Remove a CA and revoke all the certificates under (but not its sub-CAs) CACHE_CATEGORY pki

Usage

caname=<name>
[passphrase=<pass>] (mandatory if the CA has a private key)
[format=<pem|der>] (for output CRL, mandatory if the CA has a private key)
[reason=<unknow|keyCompromise|CACompromise|affiliationChanged|superseded|cessationOfOperation|certificateHold|privilegeWithdrawn|AACompromise>]
[topcapass=<pass>] (mandatory if the CA has a top-CA which has a private key)
[force=<0|1>] (used to remove an in-use CA)
[scope=<both|local|global>] (default is both)

Returns

a CRL file in the specified format, or an error code