tklmCertDelete

Use the tklmCertDelete command to delete a certificate, which can be in any state, such as active. You cannot delete a certificate that is associated with a device, or a certificate that is marked as either default or partner. You cannot delete a certificate that is scheduled for a future rollover. You also cannot delete the active SSLSERVER or IKEV2SERVER certificate.

Note: The IBM Security Key Lifecycle Manager command-line interface commands will be deprecated in the later versions of IBM Security Key Lifecycle Manager. Use the REST interfaces instead.

Purpose

Delete certificates only when the data protected by those certificates is no longer needed. Deleting certificates is like erasing the data. After certificates are deleted, data that is protected by those certificates is not retrievable.

Use this command to delete a certificate, which can be in any state, such as active. You cannot delete a certificate that is associated with a device, or a certificate that is marked as either default or partner. You cannot delete a certificate that is scheduled for a future rollover. You also cannot delete the active SSLSERVER certificate.

Deleting a certificate deletes the material from the database.

Permissions

Your role must have a permission to the delete action and a permission to the appropriate device group. Or, your role must have a permission to the configure action to delete an SSL or KMIP certificate.

Syntax

tklmCertDelete -alias certalias -keyStoreName keystorename

Parameters

-alias: Required. Specify a unique name for the certificate.
-keyStoreName: Required. Specify the name of an existing keystore.

Example

This Jython-formatted command deletes a certificate that is not currently associated with a device.

print AdminTask.tklmCertDelete ('[-alias mycertalias 
	-keyStoreName defaultKeyStore]')