Can I revoke an SSL certificate using API calls towards the AD-CS?

Peter Tselios 0 Reputation points

I have very little experience with Windows Servers and even less with AD-CS.

In our company we use AD-CS to issue certificates for all services, including Linux machines. At the moment the process is manual, but we need to automate it using Ansible.

We start from the very end: Revoke a certificate. We have a few 12s of Linux web servers we plan to decommission soon. And we must revoke their certificates.

I try to find out the following:

  1. Is there any API that I can use with AD-CS? If so, where can I find it's documentation?
  2. If there is no API, how can I revoke a certificate?
  3. Has any of you any link/document/blog/git repo with Ansible roles/playbooks that handle AD-CS certificates?
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,746 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vadims Podāns 9,111 Reputation points MVP

    ADCS is a COM server, so it is accessible only via DCOM RPC calls. In other words, there is no HTTP web service to manage CA. If you can use DCOM, then you can use ICertAdmin::RevokeCertificate COM interface to automate certificate revocation.

    There are other alternatives, such as:

    p.s. I'm the author of PSPKI module.

    0 comments No comments