Deleting a CA client in SSL

You can delete the CAClient object from the security configuration if a connection to a certificate authority (CA) is no longer needed.

Before you begin

You use the administrative console to delete a CA client.

Procedure

  1. Click Security > SSL certificate and key management.
  2. Click Certificate Authority (CA) client configurations. A panel displaying the existing CA clients appears.
  3. Click the CA client name you want to delete.
  4. Click the Delete button.
    Note: You can also use the deleteAClient AdminTask to delete the CA client.

Results

The CA client is deleted from the configuration.
Note: When you use the deleteCAClient AdminTask to delete the CA client, the CA client cannot be deleted if a CA certificate that exists in the keystore was obtained from the certificate authority and is still referenced by the CA client. For example, when such CA certificate still exists, the user receives the following message:
wsadmin>$AdminTask deleteCAClient {-caClientName myca}
WASX7015E: Exception running command:
 "$AdminTask deleteCAClient {-caClientName myca}"; exception information:
 com.ibm.websphere.management.cmdframework.CommandValidationException:
 CWPKI0687E: The Certificate Authority (CA) client myca is still referenced by:
 [Certificate alias myca21 in key store CellDefaultKeyStore].
wsadmin>