security certificate delete

Delete an Installed Digital Certificate

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command deletes an installed digital security certificate.

Parameters

-vserver <Vserver Name> - Name of Vserver
This specifies the Vserver that contains the certificate.
-common-name <FQDN or Custom Common Name> - FQDN or Custom Common Name
This specifies the desired certificate name as a fully qualified domain name (FQDN) or custom common name or the name of a person. The supported characters, which are a subset of the ASCII character set, are as follows:
  • Letters a through z, A through Z
  • Numbers 0 through 9
  • Asterisk (*), period (.), underscore (_) and hyphen (-)
The common name must not start or end with a "-" or a ".". The maximum length is 253 characters.
[-serial <text>] - Serial Number of Certificate
This specifies the certificate serial number.
-ca <text> - Certificate Authority
This specifies the certificate authority (CA).
-type <type of certificate> - Type of Certificate
This specifies the certificate type. Valid values are the following:
  • server - includes server certificates and intermediate certificates
  • root-ca - includes a self-signed digital certificate to sign other certificates by acting as a certificate authority (CA)
  • client-ca - includes the public key certificate for the root CA of the SSL client. If this client-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca.
  • server-ca - includes the public key certificate for the root CA of the SSL server to which Data ONTAP is a client. If this server-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca.
  • client - includes a public key certificate and private key to be used for Data ONTAP as an SSL client
[-subtype <kmip-cert>] - (DEPRECATED)-Certificate Subtype
Note: This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP.
This specifies a certificate subtype. This optional parameter can have an empty value (the default). The only valid value is as follows:
  • kmip-cert - this is a Key Management Interoperability Protocol (KMIP) certificate
[-cert-name <text>] - Unique Certificate Name
This specifies the system's internal identifier for the certificate. It is unique within a Vserver.

Examples

This example deletes a root-ca type digital certificate for a Vserver named vs0 in a company named www.example.com with serial number 4F57D3D1.

cluster1::> security certificate delete -vserver vs0 -common-name www.example.com -ca www.example.com -type root-ca -serial 4F57D3D1