Deleting Certificates From The Database - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

To view the keys stored in the subsystem databases using certutil, run the certutil with the -K
option. For example:
cd /var/lib/instance_ID/aliascertutil -K -d .
Enter Password or Pin for "NSS Certificate DB":
<0> subsystemCert cert-rhpki-tks
<1>
<2> Server-Cert cert-rhpki-tks
For information about using the certutil command, see
nss/tools/certutil.html.

10.4.3. Deleting Certificates from the Database

Removing unwanted certificates reduces the size of the certificate database.
NOTE
When deleting CA certificates from the certificate database, be careful not to delete
the intermediate CA certificates, which help a subsystem chain up to the trusted CA
certificate. If in doubt, leave the certificates in the database as untrusted CA certificates;
Section 10.4.4, "Changing the Trust Settings of a CA
see
Section 10.4.3.1, "Deleting Certificates through the Console"
•
Section 10.4.3.2, "Deleting Certificates Using certutil"
•
10.4.3.1. Deleting Certificates through the Console
To delete a certificate through the Console, do the following:
1. Open the Certificate System Console.
pkiconsole https://hostname:SSLport/subsystemType
2. In the Configuration tab, select System Keys and Certificates from the left navigation tree.
3. Select the certificate to delete, and click Delete.
4. When prompted, confirm the delete.
10.4.3.2. Deleting Certificates Using certutil
To delete a certificate from the database using certutil, do the following:
1. Open the instance's certificate databases directory.
cd /var/lib/instance_ID/alias
2. List the certificates in the database by running the certutil with the -L option. For example:
Deleting Certificates from the Database
http://www.mozilla.org/projects/security/pki/
Certificate".
227