RevokeCertificate - AWS Certificate Manager Private Certificate Authority


The following Java sample shows how to use the RevokeCertificate operation.

This operation revokes a certificate that you issued by calling the IssueCertificate operation. If you enabled a certificate revocation list (CRL) when you created or updated your private CA, information about the revoked certificates is included in the CRL. ACM Private CA writes the CRL to an Amazon S3 bucket that you specify. For more information, see the CrlConfiguration structure.

package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.AmazonClientException; import com.amazonaws.auth.AWSStaticCredentialsProvider; import; import; import; import; import; import; import; import; import; import; public class RevokeCertificate { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ""; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a request object. RevokeCertificateRequest req = new RevokeCertificateRequest(); // Set the certificate authority ARN. req.setCertificateAuthorityArn("arn:aws:acm-pca:region:account:certificate-authority/CA_ID"); // Set the certificate serial number. req.setCertificateSerial("79:3f:0d:5b:6a:04:12:5e:2c:9c:fb:52:37:35:98:fe"); // Set the RevocationReason. req.withRevocationReason(RevocationReason.<<KEY_COMPROMISE>>); // Revoke the certificate. try { client.revokeCertificate(req); } catch (InvalidArnException ex) { throw ex; } catch (InvalidStateException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (RequestAlreadyProcessedException ex) { throw ex; } catch (RequestInProgressException ex) { throw ex; } catch (RequestFailedException ex) { throw ex; } } }