Removing a certificate

About certificate removal

You can remove certificates from a PKI domain in the following situations:

Restrictions and guidelines

After you remove the CA certificate, the system automatically removes the local certificates, peer certificates, and CRLs from the domain.

To remove a local certificate and request a new certificate, perform the following tasks:

  1. Remove the local certificate.

  2. Use the public-key local destroy command to destroy the existing local key pair.

  3. Use the public-key local create command to generate a new key pair.

  4. Request a new certificate.

For more information about the public-key local destroy and public-key local create commands, see Security Command Reference.

Procedure

  1. Enter system view.

    system-view

  2. Remove a certificate.

    pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }

    If you use the peer keyword without specifying a serial number, this command removes all peer certificates.
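The removal-and-renewal sequence from the guidelines above, shown as one CLI session. This is an added example, not part of the original guide: the domain name example-domain, the Sysname prompt, and the rsa key type are assumptions, and pki request-certificate is assumed as the enrollment command for step 4.

```text
# Added example. "example-domain" and the RSA key type are assumptions.
# Enter system view.
<Sysname> system-view
# Step 1: remove the local certificate from the PKI domain.
[Sysname] pki delete-certificate domain example-domain local
# Step 2: destroy the existing local key pair so it cannot be reused.
[Sysname] public-key local destroy rsa
# Step 3: generate a new key pair.
[Sysname] public-key local create rsa
# Step 4: request a new certificate for the domain (assumed command).
[Sysname] pki request-certificate domain example-domain
```

The key type destroyed and created must match the key pair the PKI domain is configured to use for certificate requests.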