GetRevocationStatus - AWS Signer


Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.

Request Syntax

GET /revocations?certificateHashes=certificateHashes&jobArn=jobArn&platformId=platformId&profileVersionArn=profileVersionArn&signatureTimestamp=signatureTimestamp HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.


A list of composite signed hashes that identify certificates.

A certificate identifier consists of a subject certificate TBS hash (signed by the parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root certificates are defined as their own CA.

The following example shows how to calculate a hash for this parameter using OpenSSL commands:

openssl asn1parse -in childCert.pem -strparse 4 -out childCert.tbs

openssl sha384 < childCert.tbs -binary > childCertTbsHash

openssl asn1parse -in parentCert.pem -strparse 4 -out parentCert.tbs

openssl sha384 < parentCert.tbs -binary > parentCertTbsHash xxd -p childCertTbsHash > certificateHash.hex xxd -p parentCertTbsHash >> certificateHash.hex

cat certificateHash.hex | tr -d '\n'

Required: Yes


The ARN of a signing job.

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: Yes


The ID of a signing platform.

Required: Yes


The version of a signing profile.

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: Yes


The timestamp of the signature that validates the profile or job.

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200 Content-type: application/json { "revokedEntities": [ "string" ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


A list of revoked entities (including zero or more of the signing profile ARN, signing job ARN, and certificate hashes) supplied as input to the API.

Type: Array of strings


For information about the errors that are common to all actions, see Common Errors.


You do not have sufficient access to perform this action.

HTTP Status Code: 403


An internal error occurred.

HTTP Status Code: 500


The allowed number of job-signing requests has been exceeded.

This error supersedes the error ThrottlingException.

HTTP Status Code: 429


You signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: