Envy Asked: 2016-11-09 02:06:59 +0800 CST2016-11-09 02:06:59 +0800 CST 2016-11-09 02:06:59 +0800 CST Certutil -revoke 772 i am trying to use certutil to manage my CA. Is there a possible way to user Certutil -revoke "RequestID=?" I only see it for the SerialNumber of the certificate wich is not really handsome. Envy windows certificate-authority 2 Answers Voted Daniel Fisher lennybacon 2019-03-07T14:39:01+08:002019-03-07T14:39:01+08:00 You can use certutil as follows: & certutil -revoke 1600002a4c376fd805b39162d7000400002a4c "6" Where 6 is the reason code (Certificate Hold) stackprotector 2022-07-30T00:35:15+08:002022-07-30T00:35:15+08:00 You can write your own PowerShell function to achieve that. You will need two CertUtil.exe calls for that: Use CertUtil.exe to get the serial number of the certificate with your given $RequestId: CertUtil.exe -view -silent -restrict "RequestId=$RequestId,Disposition=20" -out 'SerialNumber' Parse the serial number from the output into $SerialNumber. Use CertUtil.exe to revoke the certificate: CertUtil.exe -revoke $SerialNumber 0 Disposition=20 will filter issued certificates only. -revoke uses different revoke reasons. You can look them up here.
You can use
certutilas follows:Where
6is the reason code (Certificate Hold)You can write your own PowerShell function to achieve that. You will need two
CertUtil.execalls for that:Use
CertUtil.exeto get the serial number of the certificate with your given$RequestId:Parse the serial number from the output into
$SerialNumber.Use
CertUtil.exeto revoke the certificate:Disposition=20will filter issued certificates only.-revokeuses different revoke reasons. You can look them up here.