pki delete-certificate
Use pki delete-certificate to remove certificates from a PKI domain.
Syntax
pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters. The domain name cannot contain the special characters listed in Table 30.
Table 30: Special characters
Character name | Symbol | Character name | Symbol |
---|---|---|---|
Tilde | ~ | Dot | . |
Asterisk | * | Left angle bracket | < |
Backslash | \ | Right angle bracket | > |
Vertical bar | \| | Quotation marks | " |
Colon | : | Apostrophe | ' |
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
serial serial-num: Specifies a peer certificate by its serial number, a case-insensitive string of 1 to 127 characters. If you do not specify a serial number, this command removes all peer certificates in the PKI domain.
Usage guidelines
When you remove the CA certificate in a PKI domain, the system also removes the local certificates, peer certificates, and the CRL in the PKI domain.
To delete a specific peer certificate in a PKI domain, perform the following steps:
1. Execute the display pki certificate command to determine the serial number of the peer certificate.
2. Execute the pki delete-certificate domain domain-name peer serial serial-num command.
Examples
# Remove the CA certificate in PKI domain aaa.
<Sysname> system-view
[Sysname] pki delete-certificate domain aaa ca
Local certificates, peer certificates and CRL will also be deleted while deleting the CA certificate.
Confirm to delete the CA certificate? [Y/N]:y
[Sysname]
# Remove the local certificates in PKI domain aaa.
<Sysname> system-view
[Sysname] pki delete-certificate domain aaa local
[Sysname]
# Remove all peer certificates in PKI domain aaa.
<Sysname> system-view
[Sysname] pki delete-certificate domain aaa peer
[Sysname]
# Display information about all peer certificates in PKI domain aaa, and remove a peer certificate with the specified serial number.
<Sysname> system-view
[Sysname] display pki certificate domain aaa peer
Total peer certificates: 1
Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject Name: CN=abc
[Sysname] pki delete-certificate domain aaa peer serial 9a0337eb2156ba1f5476e4d754a5a9f7
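When the lookup-then-delete procedure is scripted, the main risk is emitting the command without the serial keyword, which removes every peer certificate in the domain. The following Python is an added example, not part of the original command reference: it parses display output in the layout shown above and builds the delete command only when exactly one certificate matches. The function names, the second certificate in the sample, and the hex-only serial check are assumptions.

```python
import re

# Special characters a PKI domain name cannot contain (Table 30).
FORBIDDEN = set('~*\\|:.<>"\'')

# Constructed sample: the first entry is the one from the example above,
# the second entry is invented for illustration.
SAMPLE = """Total peer certificates: 2
Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject Name: CN=abc
Serial Number: 1b2c3d4e5f60718293a4b5c6d7e8f901
Subject Name: CN=def
"""

def parse_peer_certs(display_output):
    """Return [(serial, subject)] from 'display pki certificate ... peer' text.

    Assumes each certificate appears as a 'Serial Number:' line followed by
    a 'Subject Name:' line, as in the single-certificate example above.
    """
    certs, serial = [], None
    for line in display_output.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "Serial Number":
            serial = value.strip()
        elif key == "Subject Name" and serial:
            certs.append((serial, value.strip()))
            serial = None
    return certs

def build_peer_delete(domain, subject, display_output):
    """Build the delete command for exactly one peer certificate."""
    if not 1 <= len(domain) <= 31 or FORBIDDEN & set(domain):
        raise ValueError("invalid PKI domain name")
    matches = [s for s, subj in parse_peer_certs(display_output) if subj == subject]
    if len(matches) != 1:
        # Zero or several matches: refuse rather than guess.
        raise LookupError(f"{len(matches)} peer certificates match {subject!r}")
    serial = matches[0]
    # The reference allows 1 to 127 characters; limiting the serial to hex
    # digits is an assumption that keeps stray text out of the CLI line.
    if not re.fullmatch(r"[0-9A-Fa-f]{1,127}", serial):
        raise ValueError("unexpected serial number format")
    # Always include 'serial': without it, all peer certificates are removed.
    return f"pki delete-certificate domain {domain} peer serial {serial}"
```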
Related commands
display pki certificate