I am using an nginx setup, with a CRL. However, I do not have access to the certificates I want to revoke. Let's say I only know the CN/Thumbprint/... is that feasible?
If not, I could have a workaround to actually have access to that certificate, however it is a ".pfx" certificate bundle. Can we revoke these?
As Steffen Ullrich pointed out, PFX is a container format. On Windows you can double click to open/import it. On all supported platforms you can use OpenSSL to export the certificate (public part):
openssl pkcs12 -in ".\container.pfx" -nokeys -out ".\certificate.pem" -passin "pass:12345678"
Now to the revocation... The revocation must be requested from the issuer of the certificate. To read the issuer we can use OpenSSL again:
openssl x509 -in certificate.pem -noout -issuer
Whatever is put out should give you an indication where to request the revocation.
Technically the revocation means that the issuing CA recognizes a certain certificate as invalid and writes its serial number to a certificate revocation list (CRL). The CRL, as a certificate has a lifetime. It must be written new from time to time. CRL files are signed with the CA certificate - if you do not have the private key of the CA you cannot revoke a certificate - that is why I said you must request a revocation.
For a revocation usually the serial number of a certificate is needed. HEre is how to get it from the *.pem file we just extracted from the *.pfx file:
openssl x509 -in certificate.pem -noout -serial
Now you should know who is the issuer of the certificate and can request a revocation for the given serial number. If the revocation is done by some REST interface, SOAP, RPC, a web form or even paper trail really depends on the CA, which can be internal of your organization, run by a government or privately held organization offering public services. As long as you do not provide that information we cannot help you any further.
Please feel free to edit your question with updated information, so we can continue working it out.
