Deleting an image certificate

You can delete a selected image certificate, which can be in any state, such as active. You cannot delete a certificate that is associated with a storage image. Also, you cannot delete a certificate that is identified as the primary certificate for image or secondary certificate for image. For example, you might delete an expired certificate.

About this task

Before you begin, ensure that a backup exists of the keystore with the image certificate that you intend to delete. Verify that the certificate is not currently associated with a storage image. Determine the current state of the certificate, and ensure that deleting a certificate in this state conforms with your site policies.

Delete certificates only when the data protected by those certificates is no longer needed. Deleting certificates is like erasing the data. After certificates are deleted, data that is protected by those certificates is not retrievable.

You can use the Delete certificate menu item or the Delete Certificate REST Service to delete a selected image certificate. Your role must have permissions to the delete action and to the appropriate endpoint.

Deleting a certificate deletes the material from the database.

1. Using the graphical user interface
   1. Log in to the graphical user interface.
   2. On the home page, click the menu icon () at the upper left of the page.
   3. Click Endpoint management > Configured endpoints.
   4. On the Configured endpoints page, select your DS8000 endpoint and click the overflow menu icon ().
   5. From the overflow menu options, click View.
   6. Alternatively, on the home page, click your DS8000 endpoint link in the Configured endpoints section.
   7. On the DS8000 endpoint management page, select a device in the table and click the overflow menu icon.
   8. From the overflow menu options, click Delete certificate.
   9. On the Confirm delete dialog, read the confirmation message before you delete the device. Click OK.
2. Using a REST interface
   1. Open the Swagger UI. For more information, see Using Swagger UI.
   2. Authenticate and authorize to access the REST APIs. For more information, see Authentication process for REST services.
   3. Use the Certificate List REST Service to find a certificate and the Delete Certificate REST Service to delete a certificate. For example, you can send the following HTTP requests.

      GET https://localhost:port/GKLM/rest/v1/certificates?usage=DS8000
      Content-Type: application/json 
      Accept: application/json 
      Authorization : SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20 
      Accept-Language : en

      DELETE https://localhost:port/GKLM/rest/v1/certificates/mycertalias
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language: en

What to do next

Next, you can back up the keystore again to accurately reflect the change in certificates.