UA Part 12: Discovery and Global Services - 7.8.2.5 RemoveCertificate

The RemoveCertificate Method allows a Client to remove a single Certificate from the TrustList. It returns Bad_InvalidArgument if the thumbprint does not match a Certificate in the TrustList.

If the Certificate is a CA Certificate that has CRLs then all CRLs for that CA are removed as well.

This Method returns Bad_CertificateChainIncomplete if the Certificate is a CA Certificate needed to validate another Certificate in the TrustList.

This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.7).

This Method returns Bad_NotWritable if the TrustList Object is read only. For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the CertificateAuthorityAdmin Role (see 7.2).

For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the SecurityAdmin Role (see 7.2).

Signature

RemoveCertificate(

[in] String thumbprint

[in] Boolean isTrustedCertificate

);

Argument	Description
Thumbprint	The CertificateDigest of the Certificate to remove.
isTrustedCertificate	If TRUE the Certificate is removed from the Trusted Certificates List. If FALSE the Certificate is removed from the Issuer Certificates List.

Method Result Codes (defined in Call Service)

Result Code	Description
Bad_UserAccessDenied	The current user does not have the rights required.
Bad_InvalidArgument	The certificate to remove was not found.
Bad_InvalidState	The Open Method was called with write access and the CloseAndUpdate Method has not been called.
Bad_CertificateChainIncomplete	The Certificate is needed to validate another Certificate in the TrustList.
Bad_TransactionPending	Transaction has started and ApplyChanges or CancelChanges has not been called.
Bad_SecurityModeInsufficient	The SecureChannel is not authenticated.

Table 26 – RemoveCertificate Method AddressSpace Definition