Certificate Clean

The certificate clean endpoint of the CA API allows you to revoke and delete a list of certificates with a single request.

PUT /puppet-ca/v1/clean
Content-Type: application/json

The request body takes one required key — certnames. This includes the list of certificates for the endpoint to clean. Each certificate in the list is revoked, and the associated certificate file deleted from the CA.

If a certname does not have an associated signed cert on the CA, the response body calls this out, but the request does not error.

Example

In the following example, both certs are revoked and their files deleted.

PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58

{"certnames":["agent1.example.net","agent2.example.net"]}

HTTP/1.1 200 OK
Context-Type: text/plain
Successfully cleaned all certificates.

In the following example, the missing certificate is skipped, and the other is revoked and deleted.

PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58

{"certnames":["missing.example.net","agent1.example.net"]}

HTTP/1.1 200 OK
Context-Type: text/plain
The following certs do not exist and cannot be revoked: ["missing.example.net"]