security certificate delete
Delete an Installed Digital Certificate
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command deletes an installed digital security certificate.
Parameters
-vserver <Vserver Name>
- Name of Vserver-
This specifies the Vserver that contains the certificate.
-common-name <FQDN or Custom Common Name>
- FQDN or Custom Common Name-
This specifies the desired certificate name as a fully qualified domain name (FQDN) or custom common name or the name of a person. The supported characters, which are a subset of the ASCII character set, are as follows:
-
Letters a through z, A through Z
-
Numbers 0 through 9
-
Asterisk (*), period (.), underscore (_) and hyphen (-)
The common name must not start or end with a "-" or a ".". The maximum length is 253 characters.
-
[-serial <text>]
- Serial Number of Certificate-
This specifies the certificate serial number.
-ca <text>
- Certificate Authority-
This specifies the certificate authority (CA).
-type <type of certificate>
- Type of Certificate-
This specifies the certificate type. Valid values are the following:
-
server
- includes server certificates and intermediate certificates -
root-ca
- includes a self-signed digital certificate to sign other certificates by acting as a certificate authority (CA) -
client-ca
- includes the public key certificate for the root CA of the SSL client. If this client-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca. -
server-ca
- includes the public key certificate for the root CA of the SSL server to which Data ONTAP is a client. If this server-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca. -
client
- includes a public key certificate and private key to be used for Data ONTAP as an SSL client
-
[-subtype <kmip-cert>]
- (DEPRECATED)-Certificate Subtype-
This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP. This specifies a certificate subtype. This optional parameter can have an empty value (the default). The only valid value is as follows:
-
kmip-cert
- this is a Key Management Interoperability Protocol (KMIP) certificate
-
[-cert-name <text>]
- Unique Certificate Name-
This specifies the system's internal identifier for the certificate. It is unique within a Vserver.
Examples
This example deletes a root-ca type digital certificate for a Vserver named vs0 in a company named www.example.com
with serial number 4F57D3D1.
cluster1::> security certificate delete -vserver vs0 -common-name www.example.com -ca www.example.com -type root-ca -serial 4F57D3D1