Deleting an image certificate

You can delete a selected image certificate, which can be in any state, such as active. You cannot delete a certificate that is associated with a storage image. You also cannot delete a certificate that is identified as the primary certificate for image or secondary certificate for image. For example, you might delete an expired certificate.

About this task

Before you begin, ensure that a backup exists of the keystore with the image certificate that you intend to delete. Verify that the certificate is not currently associated with a storage image. Determine the current state of the certificate, and ensure that deleting a certificate in this state conforms with your site policies.

Delete certificates only when the data protected by those certificates is no longer needed. Deleting certificates is like erasing the data. After certificates are deleted, data that is protected by those certificates is not retrievable.

You can use the Delete menu item or the Delete Certificate REST Service to delete a selected image certificate. Your role must have permissions to the delete action and to the appropriate device group.

Deleting a certificate deletes the material from the database.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select DS8000.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click DS8000 and select Manage keys and devices.
      5. On the management page for DS8000, select a certificate in the Certificates column.
      6. Click Delete.
      7. Alternatively, right-click a certificate and then select Delete.
    • REST interface:
      • Open a REST client.
  2. Delete the certificate.
    • Graphical user interface:

      On the Confirm dialog, read the confirmation message to verify that the correct certificate was selected before you delete the certificate. Then, click OK.

    • REST interface:
      Use the Certificate List REST Service to find a certificate and the Delete Certificate REST Service to delete a certificate. For example, you can send the following HTTP requests:
      GET https://localhost:port/SKLM/rest/v1/certificates?usage=DS8000
      Content-Type: application/json 
      Accept: application/json 
      Authorization : SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20 
      Accept-Language : en
      DELETE https://localhost:port/SKLM/rest/v1/certificates/mycertalias
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language: en

What to do next

Next, you can back up the keystore again to accurately reflect the change in certificates.