7.8.2.7 RemoveCertificate
The RemoveCertificate Method allows a Client to remove a single Certificate from the TrustList. It returns Bad_InvalidArgument if the Thumbprint does not match a Certificate in the TrustList.
If the Certificate is a CA Certificate that has CRLs then all CRLs for that CA are removed as well.
This Method returns Bad_CertificateChainIncomplete if the Certificate is a CA Certificate needed to validate another Certificate in the TrustList.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.9).
This Method returns Bad_NotWritable if the TrustList Object is read only. For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the SecurityAdmin Role (see 7.2).
Signature
RemoveCertificate(
[in] String Thumbprint
[in] Boolean IsTrustedCertificate
);| Argument | Description |
| Thumbprint | The SHA1 hash of the DER form of the Certificate to remove. |
| IsTrustedCertificate | If TRUE the Certificate is removed from the Trusted Certificates List. If FALSE the Certificate is removed from the Issuer Certificates List. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidArgument | The certificate to remove was not found. |
| Bad_InvalidState | The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
| Bad_CertificateChainIncomplete | The Certificate is needed to validate another Certificate in the TrustList. |
| Bad_TransactionPending | Transaction has started and ApplyChanges or CancelChanges has not been called. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
| Bad_NotWritable | The TrustList Object is open for read only. |
Table 31 specifies the AddressSpace representation for the RemoveCertificate Method.
| Attribute | Value | ||||
| BrowseName | 0:RemoveCertificate | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |