I can see that I can revoke a certificate using WS (however I'm not sure how I'm supposed to get it's issuerDN) but is there a way to delete the end entity in it's entirety. Basically can I do the equivalent of doing "revoke and delete" with a web service?
Edit: just noticed that "revoke and delete" doesn't truly delete the end entity as if they are remade the old revoked certificates are still there. Guess the only way is to delete the data from the DB?
Correct. Delete an end entity does not exist from the WS. Deleting and end entity does not delete the certificates, this is because the primary function of a CA is to keep track of all issued certificates. Being able to delete them would be against this principle. Also true that you can manually modify the database if you have those privileges.