Remove Keys and Certificates on Fabric IPsec Gateway VM

Before you begin

You can remove subject certificates from the certificate authority (CA) trustpoint only if the subject-label is not configured on an IPsec tunnel.

About this task

Use this procedure to remove keys or certificates from the certificate store.

Procedure

  1. Enter Fabric IPsec Gateway Configuration mode:

    enable

    virtual-service WORD<1-128> console

    Note

    Type CTRL+Y to exit the console.

  2. Remove a key:

    certificate remove key <key-label>

  3. Remove a specific certificate from the store:

    certificate remove offline-cacert <filename>

  4. Remove a Certificate Revocation List (CRL) certificate from the store:

    certificate remove offline-crl <filename>

  5. Remove signed certificates for a specific subject label:

    certificate remove offline-subject-certs <subject-label>

  6. Remove a specific identity certificate from the CA trustpoint:

    certificate ca <ca-trustpoint> remove <subject-label>

  7. Remove all certificates from the CA trustpoint:

    certificate ca <ca-trustpoint> clean

Variable Definitions

The following table defines parameters for the certificate remove command.

| Variable | Value |
| --- | --- |
| key <key-label> | Specifies the key name to remove. |
| offline-cacert <filename> | Specifies the certificate filename to remove. |
| offline-crl <filename> | Specifies the Certificate Revocation List (CRL) certificate filename to remove. |
| offline-subject-certs <subject-label> | Specifies the subject label for which to remove signed certificates. |

The following table defines parameters for the certificate ca command.

| Variable | Value |
| --- | --- |
| <ca-trustpoint> | Specifies the name of the certificate authority. The name can be alphanumeric and is case-sensitive. The maximum length is 45 characters. |
| <subject-label> | Specifies the subject identity. |