Management API in SCEPmanClient

Use Find-SCEPmanCertificate to search for issued certificates in SCEPman and Revoke-SCEPmanCertificate to revoke a certificate when it is no longer trusted or no longer needed.

Requirements

Before you can search for or revoke certificates, ensure that your identity has the Manage.All role.

Also ensure to have setup the general prerequisites for SCEPmanClient usage: https://app.gitbook.com/o/-LhPlvZ6dc8XcqY7tdZw/s/-LoGejQeUQcw7lqnQ3WX/~/edit/~/changes/863/certificate-management/api-certificates/scepmanclient#prerequisites

Find certificates

Use Find-SCEPmanCertificate to search for certificates by their serial number, subject or requester.

If at least one certificate is found, an object is returned resembling the following JSON structure:

{
  "items": [
    {
    "serialNumber":  "507AEAC03CCEF83F106914418D9222E466A629C1",
    "subject":  "CN=device01.contoso.local",
    "sans":  null,
    "upn":  null,
    "issuanceDate":  "2026-05-28T10:57:22Z",
    "expirationDate":  "2028-05-28T10:57:22Z",
    "revocationDate":  null,
    "revocationReason":  null,
    "revokedBy":  null,
    "requester":  "pkiAdmin@contoso.com",
    "source":  "CertificateMaster",
    "certificateType":  "Static"
    }
  ],
  "continuationToken": "..."
}

Example: Find a single certificate by serial number

Understand paged results

If the result set is large, Find-SCEPmanCertificate can return a continuation token. Use this token to request the next page.

Example: first page with continuation token

Example output:

Show returned certificates in detail

Example output:

Request the next page with the continuation token

Example output:

Revoke a certificate

Use Revoke-SCEPmanCertificate to revoke a certificate by its serial number that was previously issued.

Example: Find a certificate and revoke it

Example output: