Skip to main content

security certificate delete

Contributors
Suggest changes

Delete an Installed Digital Certificate

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command deletes an installed digital security certificate.

Parameters

-vserver <Vserver Name> - Name of Vserver

This specifies the Vserver that contains the certificate.

-common-name <FQDN or Custom Common Name> - FQDN or Custom Common Name

This specifies the desired certificate name as a fully qualified domain name (FQDN) or custom common name or the name of a person. The supported characters, which are a subset of the ASCII character set, are as follows:

  • Letters a through z, A through Z

  • Numbers 0 through 9

  • Asterisk (*), period (.), underscore (_) and hyphen (-)

The common name must not start or end with a "-" or a ".". The maximum length is 253 characters.

[-serial <text>] - Serial Number of Certificate

This specifies the certificate serial number.

-ca <text> - Certificate Authority

This specifies the certificate authority (CA).

-type <type of certificate> - Type of Certificate

This specifies the certificate type. Valid values are the following:

  • server - includes server certificates and intermediate certificates

  • root-ca - includes a self-signed digital certificate to sign other certificates by acting as a certificate authority (CA)

  • client-ca - includes the public key certificate for the root CA of the SSL client. If this client-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca.

  • server-ca - includes the public key certificate for the root CA of the SSL server to which ONTAP is a client. If this server-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca.

  • client - includes a public key certificate and private key to be used for ONTAP as an SSL client

[-subtype <kmip-cert>] - (DEPRECATED)-Certificate Subtype
Note This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of ONTAP.
This specifies a certificate subtype. This optional parameter can have an empty value (the default). The only valid value is as follows:
  • kmip-cert - this is a Key Management Interoperability Protocol (KMIP) certificate

[-cert-name <text>] - Unique Certificate Name

This specifies the system's internal identifier for the certificate. It is unique within a Vserver.

Examples

This example deletes a root-ca type digital certificate for a Vserver named vs0 in a company named www.example.com with serial number 4F57D3D1.

cluster1::> security certificate delete -vserver vs0 -common-name www.example.com -ca www.example.com -type root-ca -serial 4F57D3D1