pki delete-certificate

Use pki delete-certificate to remove certificates from a PKI domain.

Syntax

pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters. The domain name cannot contain the special characters listed in Table 30.

Table 30: Special characters

Character name    Symbol    Character name        Symbol
Tilde             ~         Dot                   .
Asterisk          *         Left angle bracket    <
Backslash         \         Right angle bracket   >
Vertical bar      |         Quotation marks       "
Colon             :         Apostrophe            '

ca: Specifies the CA certificate.

local: Specifies the local certificates.

peer: Specifies the peer certificates.

serial serial-num: Specifies a peer certificate by its serial number, a case-insensitive string of 1 to 127 characters. If you do not specify a serial number, this command removes all peer certificates in the PKI domain.

Usage guidelines

When you remove the CA certificate in a PKI domain, the system also removes the local certificates, peer certificates, and the CRL in the PKI domain.

To delete a specific peer certificate in a PKI domain, perform the following steps:

  1. Execute the display pki certificate command to determine the serial number of the peer certificate.

  2. Execute the pki delete-certificate domain domain-name peer serial serial-num command.

Examples

# Remove the CA certificate in PKI domain aaa.

<Sysname> system-view
[Sysname] pki delete-certificate domain aaa ca
Local certificates, peer certificates and CRL will also be deleted while deleting the CA certificate.
Confirm to delete the CA certificate? [Y/N]:y
[Sysname]

# Remove the local certificates in PKI domain aaa.

<Sysname> system-view
[Sysname] pki delete-certificate domain aaa local
[Sysname]

# Remove all peer certificates in PKI domain aaa.

<Sysname> system-view
[Sysname] pki delete-certificate domain aaa peer
[Sysname]

# Display information about all peer certificates in PKI domain aaa, and remove a peer certificate with the specified serial number.

<Sysname> system-view
[Sysname] display pki certificate domain aaa peer
Total peer certificates: 1

Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject  Name: CN=abc
[Sysname] pki delete-certificate domain aaa peer serial 9a0337eb2156ba1f5476e4d754a5a9f7
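
The following Python helper is an added example, not part of the original command reference. It follows the two-step procedure in the usage guidelines: it parses display pki certificate output in the format shown above, checks the domain name against Table 30, and builds the delete command only when exactly one serial number matches, so the serial-less form that removes all peer certificates is never produced. The function names and the match-by-subject approach are assumptions made for illustration.

```python
import re

# Characters from Table 30 that a PKI domain name cannot contain.
FORBIDDEN = set('~.*<\\>|":\'')

def validate_domain(name):
    """Enforce the documented limits: 1 to 31 characters, none from Table 30."""
    if not 1 <= len(name) <= 31:
        raise ValueError("domain name must be 1 to 31 characters")
    bad = sorted(FORBIDDEN & set(name))
    if bad:
        raise ValueError("domain name contains forbidden characters: " + " ".join(bad))
    return name

def parse_peer_certs(display_output):
    """Return [(serial, subject), ...] from 'display pki certificate domain <name> peer' output."""
    certs, serial = [], None
    for line in display_output.splitlines():
        m = re.match(r"\s*Serial\s+Number:\s*(\S+)", line, re.I)
        if m:
            serial = m.group(1)
            continue
        m = re.match(r"\s*Subject\s+Name:\s*(.+?)\s*$", line, re.I)
        if m and serial:
            certs.append((serial, m.group(1)))
            serial = None
    return certs

def delete_peer_command(domain, display_output, subject):
    """Build the delete command for exactly one peer certificate, matched by subject (assumed workflow)."""
    validate_domain(domain)
    hits = [s for s, subj in parse_peer_certs(display_output) if subj == subject]
    if len(hits) != 1:
        # Never fall back to the serial-less form, which removes every peer certificate.
        raise LookupError(f"expected 1 certificate for {subject!r}, found {len(hits)}")
    serial = hits[0]
    if not 1 <= len(serial) <= 127:
        raise ValueError("serial number must be 1 to 127 characters")
    return f"pki delete-certificate domain {domain} peer serial {serial}"

# Constructed sample input, copied from the display output in the example above.
SAMPLE = """Total peer certificates: 1

Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject  Name: CN=abc
"""

if __name__ == "__main__":
    print(delete_peer_command("aaa", SAMPLE, "CN=abc"))
```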

Related commands

display pki certificate