SOTI Pulse Logo

Revoke a Certificate using API - "ErrorCode": 3500, "Message": "Certificate action failed.",

R
Reach
Reach Contact ltd

Good Afternoon Everyone,

I'm currently trying to remove certificates that were installed by our old MDM system via the API as they're causing issues with Exchange Email configuration.

I'm getting an error that appears to be from MobiControl rather than a generic Rest API error but I can't find anything about it in any MobiControl documentation.

The error is:

Invoke-restmethod : {
"$type": "ErrorDetails",
"ErrorCode": 3500,
"Message": "Certificate action failed.",
"Data": [],
"HelpLink": null
}

The script I'm running is:

$MCFQDN = "https://SERVERURL/mobicontrol/api/devices/$DeviceId/certificates/$CertificateID/actions"

$Body = @{
"ActionKind" = "Revoke"
}

$Header = @{
Authorization = "Bearer $token"
}

try
{
$response = Invoke-restmethod -Uri $MCFQDN -Method POST -Headers $Header -Body (ConvertTo-Json $Body) -ContentType "application/json"
}
catch
{
$($_.Exception.Message)
}

Does anyone have any idea what the issue might be?

I'm tried removing a certificate managed by MobiControl as well and got the same error.

Thanks!

certificate api invoke-restmethod remove revoke
7 years ago
Android
ANSWERS
AV
Andrei Vesselkov
7 years ago

Is your MobiControl connecting to your ADCS through the DCOM protocol or HTTPS? The revoke certificate option is something that will only work when you are connecting to the ADCS through DCOM.

If you are not provisioning it through dcom, you are instead advised to revoke the certificate profile that is provisioning the cert from the device. This would remove the cert from the device, but not revoke the cert on the ADCS. 

SS
Support Staff Account
7 years ago (edited 7 years ago)

Hi Reach, 

Thank you for requesting an a response from SOTI Support Staff.

Andrei is also one of our best resources for API related inquires, let me know if this helps you understand and resolve your error and I will go ahead and solution the post for you.  

R
Reach
6 years ago

Hi Andrei,

Sorry for the slow response. I had problems with getting a new license associated with the account so I could reply.

We're not trying to revoke a certificate template and therefore all issued certificates on the CA, we're trying to remove an individual certificate from the devices so we can push an exchange profile that uses a certificate of the same subject name.

The certificate wasn't put there by a Soti profile so there is no profile to revoke.

Cheers,

Similar Discussions