Deleting Certificates
When a certificate with a specific name expires, delete the certificate. When a key is disclosed, delete all related CA certificates, the related local certificate, and re-send a certificate application.
Context
Certificates cannot be restored after being deleted. Exercise caution when running the deletion command.
Procedure
- Delete the CA certificate and local certificate with specific names.
- Run the pki delete-certificate { ca | crl | local | peer } [ domain domainName ] filename file-name command to delete a CA certificate or local certificate with a specific name from the memory. It is not deleted from the CF card.
When the pki delete-certificate command is run to delete a CA certificate or local certificate with a specific name, the system first checks whether the CA certificate or local certificate is restored in the CF card. If it is not found in the CF card, the deletion fails. In this case, you can run the reset pki all-cert command to clear all certificates.
- Run the pki delete-certificate { ca | crl | local | peer } [ domain domainName ] filename file-name command to delete a CA certificate or local certificate with a specific name from the memory. It is not deleted from the CF card.
- Run the reset pki all-cert command to delete all local certificates, CA certificates, CRLs from the memory. They are not deleted from the CF card.