Delete a holder root CA certificate
Roles
Analytics Events
/v1/holder/certificates/ca/{certificateId}Deletes a holder root CA certificate and cascade-deletes all associated signer certificates. For managed roots and signers, MATTR VII also removes the private key material it was holding on the customer's behalf.
Deletion does not invalidate any wallet attestation JWTs that were issued under this root. Those JWTs remain cryptographically valid until their natural expiry — verifiers that have already cached the signer's public key may continue to accept them. CRL-based revocation of issued attestations is not supported in this release.
Analytic events
- CREDENTIAL_HOLDER_CA_CERTIFICATE_DELETE_START
- CREDENTIAL_HOLDER_CA_CERTIFICATE_DELETE_SUCCESS
- CREDENTIAL_HOLDER_CA_CERTIFICATE_DELETE_FAIL
Authorization
bearerAuth In: header
Path Parameters
Unique identifier of the holder root CA certificate.
uuidResponse Body
application/json
curl -X DELETE "https://example.vii.au01.mattr.global/v1/holder/certificates/ca/281d20b3-42a3-40dd-b29a-115ff32b02b7"{
"code": "string",
"message": "string",
"details": [
{
"value": "string",
"msg": "Invalid value",
"param": "id",
"location": "body"
}
]
}How would you rate this page?
Update a holder root CA certificate PUT
Updates a holder root CA certificate. The only mutable field is `active`. Setting `active: true` deactivates all other roots for the tenant (single-active constraint). ### **Analytic events** * CREDENTIAL_HOLDER_CA_CERTIFICATE_UPDATE_START * CREDENTIAL_HOLDER_CA_CERTIFICATE_UPDATE_SUCCESS * CREDENTIAL_HOLDER_CA_CERTIFICATE_UPDATE_FAIL
Retrieve a holder root CA certificate revocation list GET
Retrieves the Certificate Revocation List (CRL) for a managed holder root CA certificate, as a DER-encoded binary document. This endpoint is only available for managed roots — for unmanaged roots it returns `404 NoCertificateRevocationList`.