Delete Certificate

The Delete Certificate operation deletes the identified certificate. This operation is supported using the BCPii interface. [Added by feature secure-boot-with-certificates]

HTTP method and URI

DELETE /api/certificates/{certificate-id}

In this request, the URI variable {certificate-id} is the object ID of the Certificate object to be deleted.

Description

This operation deletes the specified certificate. Upon success, an Inventory Change notification is emitted asynchronously to this operation.

If this operation changes the value of any property for which property-change notifications are due, those notifications are issued asynchronously to this operation.

A 404 (Not Found) status code is returned if the request URI does not designate an existing Certificate object, or if the API user does not have object-access permission to the object. If the API user doesn’t have action/task permission to the Import Secure Boot Certificates task, 403 (Forbidden) status code is returned. If the Certificate object is currently assigned, a 409 (Conflict) status code is returned. A 503 (Service Unavailable) status code is returned if the Console is not communicating with the CPC.

Authorization requirements

This operation has the following authorization requirements:

For the web services interface:
  • Object-access permission to the certificate object whose object-id is {certificate-id}.
  • Action/task permission to the Import Secure Boot Certificates task.
For the BCPii interface:
  • The source partition must have receive BCPii security controls permissions for the CPC object designated by target-name property that accompanies the request.

HTTP status and reason codes

On success, HTTP status code 204 (No Content) is returned and no response body is provided.

The following HTTP status codes are returned for the indicated errors, and the response body is a standard error response body providing the reason code indicated and associated error message.

HTTP error status code Reason code Description
403 (Forbidden) 0 The request used the BCPii interface and the source CPC object does not have receive BCPii security controls permission.
1 The user under which the API request was authenticated does not have the required authority to perform the requested action.
404 (Not Found) 1 The object ID in the URI ({certificate-id}) does not designate an existing Certificate object, or the API user does not have object-access permission to the object.
409 (Conflict) 373 The operation cannot be performed because the certificate is currently assigned.
503 (Service Unavailable) 1 The request could not be processed because the HMC is not currently communicating with an SE needed to perform the requested operation.

Additional standard status and reason codes can be returned, as described in Invoking API operations.

Example HTTP interaction

Figure 1. Delete Certificate: Request
DELETE /api/certificates/dab30826-48d4-11ed-87c1-fa163e6f7e7e HTTP/1.1
x-api-session: 3x0ewon9h1e6isqpylay1qphjgh4t6f3xeohmfqtcpwymgfkzy
Figure 2. Delete Certificate: Response
204
Server: Hardware management console API web server / 2.0
Cache-control: no-cache
Date: Mon, 10 Oct 2022 20:03:41 GMT
Content-Type: application/json

<No response body>