Certificate clean

The certificate clean endpoint of the CA API allows you to revoke and delete a list of certificates with a single request.

PUT /puppet-ca/v1/clean
Content-Type: application/json

The request body takes one required key — certnames. This includes the list of certificates for the endpoint to clean. Each certificate in the list is revoked, and the associated certificate file deleted from the CA.

If a certname does not have an associated signed cert on the CA, the response body calls this out, but the request does not error.

On this page:

Example

In the following example, both certs are revoked and their files deleted.

PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58

{"certnames":["agent1.example.net","agent2.example.net"]}

HTTP/1.1 200 OK
Context-Type: text/plain
Successfully cleaned all certificates.

In the following example, the missing certificate is skipped, and the other is revoked and deleted.

PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58

{"certnames":["missing.example.net","agent1.example.net"]}

HTTP/1.1 200 OK
Context-Type: text/plain
The following certs do not exist and cannot be revoked: ["missing.example.net"]