Delete a Certificate
You can delete a local or trusted CA certificate that is automatically or manually generated.
Use the following command to delete a local certificate.
user@host>clear security pki local certificate certificate-id (certificate-id| all | system-generated )
Specify a certificate ID to delete a local certificate with a specific ID. Use
all to delete all local certificates, or specify
system-generated to delete the automatically generated
self-signed certificate.
When you delete an automatically generated self-signed certificate, the device generates a new one.
To delete a CA certificate, use the following command.
user@host>clear security pki ca-certificate ca-profile (ca-profile-name| all)
Specify a CA profile to delete a specific CA certificate,
or use all to delete all CA certificates present in the
persistent store.
You are asked for confirmation before a CA certificate can be deleted.
Delete a Loaded CRL
You can choose to delete a loaded CRL if you no longer need to use it to manage certificate revocations and validation.
Use the following command to delete a loaded CRL.
user@host> clear security pki crl ca-profile (ca-profile all)
Specify a CA profile to delete a CRL associated
with the CA identified by the profile, or use all to delete
all CRLs.