Removing a certificate
You can remove the CA certificate, local certificate, or peer certificates in a PKI domain. After you remove the CA certificate, the system automatically removes the local certificates, peer certificates, and CRLs in the domain.
You can remove a local certificate and request a new one when the local certificate is about to expire or the certificate's private key is compromised. To remove a local certificate and request a new certificate, perform the following tasks:
1. Remove the local certificate.
2. Use the public-key local destroy command to destroy the existing local key pair.
3. Use the public-key local create command to generate a new key pair.
4. Request a new certificate.
To remove a certificate:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Remove a certificate. | pki delete-certificate domain domain-name { ca \| local \| peer [ serial serial-num ] } | If you use the peer keyword without specifying a serial number, this command removes all peer certificates. |