Hi,
I am looking for assistance on revoking multiple certificates issued to a list of devices from our Enterprise Certificate Authority (CA).
I have a list of device identifiers and need to revoke all certificates associated with those devices. I attempted to use the certutil.exe tool to revoke a specific certificate, but I encountered the following error:
certutil.exe -config $CAName -revoke 28 0
Revoking "28" -- Reason: Unspecified
ICertAdmin::RevokeCertificate: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)
CertUtil: -revoke command FAILED: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)
CertUtil: The parameter is incorrect.
Additional Considerations:
- The devices in question are currently not connected to the internal network; I want to execute the cmdlets or script on the internal CA or any other member server.
- I have checked, and I didn't get the serial number of the certificate using the certutil.exe tool; here I'm trying to use the request ID.
- I want to ensure that all relevant certificates are revoked to maintain security.
It would be very helpful if you could suggest how to revoke the certificates using scripts in bulk. I can revoke the certificates using the Certificate Authority, but there are so many certificates that doing it one by one is not feasible.
Any guidance or solutions would be greatly appreciated!
Thanks.
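
Added example, not part of the original post: `certutil -revoke` expects a certificate serial number rather than a request ID, so this PowerShell sketch looks up the serial numbers of issued certificates per device with `certutil -view` and revokes each one. It assumes each device identifier equals the certificate's Common Name; the CA config string and `devices.txt` are placeholders.

```powershell
# Added example, not from the original post.
param(
    [string]$CAName     = 'CA01.example.local\Example Issuing CA', # placeholder
    [string]$DeviceList = '.\devices.txt',  # hypothetical: one device name per line
    [int]$Reason        = 0,                # 0 = Unspecified, as in the post
    [switch]$Commit                         # omit to list matches without revoking
)

$devices = Get-Content $DeviceList | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$revoked = 0

foreach ($device in $devices) {
    # Disposition=20 limits the query to issued certificates.
    # Assumption: the device name is the certificate's Common Name.
    $rows = certutil.exe -config $CAName -view `
        -restrict "Disposition=20,CommonName=$device" `
        -out 'RequestID,SerialNumber,CommonName' csv
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Query failed for '$device'"
        continue
    }

    # Line 1 is a localised header row; replace it with fixed column names
    # and keep only rows whose serial number is a hex string.
    $certs = @($rows | Select-Object -Skip 1 |
        ConvertFrom-Csv -Header RequestID, SerialNumber, CommonName |
        Where-Object { $_.SerialNumber -match '^[0-9a-fA-F]+$' })

    if ($certs.Count -eq 0) { Write-Warning "No issued certificate for '$device'" }

    foreach ($cert in $certs) {
        if (-not $Commit) {
            "WOULD REVOKE  {0}  request {1}  serial {2}" -f $device, $cert.RequestID, $cert.SerialNumber
            continue
        }
        certutil.exe -config $CAName -revoke $cert.SerialNumber $Reason | Out-Null
        if ($LASTEXITCODE -eq 0) { $revoked++ } else { Write-Warning "Revoke failed for serial $($cert.SerialNumber)" }
    }
}

# Publish a fresh CRL so relying parties see the revocations.
if ($Commit -and $revoked -gt 0) { certutil.exe -config $CAName -CRL }
```

Run it once without `-Commit` and review the listed request IDs and serial numbers against the device list before revoking.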