gcloud beta privateca certificates revoke - revoke a certificate
gcloud beta privateca certificates revoke (--certificate=CERTIFICATE : --serial-number=SERIAL_NUMBER) [--reason=REASON; default="unspecified"] [--issuer=ISSUER : --issuer-location=ISSUER_LOCATION] [GCLOUD_WIDE_FLAG ...]
(BETA) Revokes the given certificate for the given reason.
To revoke the 'frontend-server-tls' certificate due to key compromise:
$ gcloud beta privateca certificates revoke \ --certificate=frontend-server-tls --issuer=server-tls-1 \ --issuer-location=us-west1 --reason=key_compromise
To revoke the a certificate with the serial number '7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40' due to a newer one being issued:
$ gcloud beta privateca certificates revoke \ --serial-number=7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40 \ --issuer=server-tls-1 --issuer-location=us-west1 \ --reason=superseded
- The certificate identifier.
Exactly one of these must be specified:
- Certificate resource - The certificate to revoke. This represents a Cloud
resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
provide the argument --certificate on the command line with a fully specified name;
provide the argument --project on the command line;
set the property core/project. To set the issuer-location attribute:
provide the argument --certificate on the command line with a fully specified name;
set the property privateca/location. To set the issuer attribute:
provide the argument --certificate on the command line with a fully specified name.
- --certificate=CERTIFICATE
ID of the certificate or fully qualified identifier for the certificate. To set the certificate attribute:
- —
provide the argument --certificate on the command line.
- --serial-number=SERIAL_NUMBER
The serial number of the certificate.
- --reason=REASON; default="unspecified"
Revocation reason to include in the CRL. REASON must be one of: affiliation-changed, attribute-authority-compromise, certificate-authority-compromise, certificate-hold, cessation-of-operation, key-compromise, privilege-withdrawn, unspecified, superseded.
- Issuing CA resource - The issuing certificate authority of the certificate to
revoke. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument --issuer on the command line with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
- --issuer=ISSUER
ID of the Issuing CA or fully qualified identifier for the Issuing CA. To set the issuer attribute:
provide the argument --issuer on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
- --issuer-location=ISSUER_LOCATION
The location of the Issuing CA. To set the issuer-location attribute:
provide the argument --issuer on the command line with a fully specified name;
provide the argument --issuer-location on the command line;
set the property privateca/location.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in beta and might change without notice. This variant is also available:
$ gcloud privateca certificates revoke