Webinar: PKI Insights - Best Practices for Improving your PKI Posture Management Program for your Digital Certificates and Encryption by PKI Solutions
Close

PowerShell PKI Module Documentation

Documentation Home
This command is not available in non-domain environments
This command requires installed Remote Server Administration Tools (RSAT)

Remove-OnlineResponderLocalCrlEntry

Synopsis

Remove local revocation entry from specified Online Responder revocation configuration.

Syntax

Remove-OnlineResponderLocalCrlEntry -InputObject <OcspResponderRevocationConfiguration[]> -SerialNumber <String[]> [<CommonParameters>]

Remove-OnlineResponderLocalCrlEntry -InputObject <OcspResponderRevocationConfiguration[]> [-Force] [<CommonParameters>]

Description

Remove local revocation entry from specified Online Responder revocation configuration.

Normally, Online Responder refers to CRL to determine if requested serial number is revoked or not. Administrators can manage serial numbers that are considered revoked even if they are not listed in reference CRL.

Note: this action shall be executed on array controller. Otherwise, these changes may be overwritten during array member synchronization with array controller.

Parameters

-InputObject <OcspResponderRevocationConfiguration[]>

Specifies the Online Responder revocation configuration. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-SerialNumber <String[]>

Specifies an array of strings where each string represents a hexadecimal revoked certificate's serial number.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Force <SwitchParameter>

Removes all entries from local CRL.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration

Outputs

SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration

Notes

Examples

Example 1

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Remove-OnlineResponderLocalCrlEntry -SerialNumber "097bc012207f2c914e3f390551a98162", "2f3b6244bd2ce5b544abf7ef47fa8d3f"

Removes certificate serial numbers "097bc012207f2c914e3f390551a98162" and "2f3b6244bd2ce5b544abf7ef47fa8d3f" from Online Responder revocation configuration's local CRL.

Example 2

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Remove-OnlineResponderLocalCrlEntry -Force

Removes all serial numbers from Online Responder revocation configuration's local CRL.

Related links

Connect-OnlineResponder
Get-OnlineResponderRevocationConfiguration
Add-OnlineResponderLocalCrlEntry

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions