
Commands Reference, Volume 1

certdelete Command

Purpose

certdelete removes a certificate from the list of certificates associated with a user account and deletes the certificate from the local LDAP repository.

Syntax

certdelete tag [username]

Description

The certdelete command removes certificates associated with a user from the local LDAP repository. A deleted certificate can be added again using the certadd command. Note that the certdelete operation does not affect the certificates in the CA's LDAP store where they are published.

The tag parameter uniquely identifies the certificate in the list of certificates owned by a user. It is an error to remove the certificate named by the auth_cert attribute for a user. Only a privileged (root) user, or a user belonging to group security, may specify a user name other than their own.

If invoked without the username parameter, the certdelete command uses the name of the current user.

Specifying ALL as the value of tag causes all of the certificates owned by a user to be removed. The command terminates on the first delete error it encounters while processing an ALL request, which leaves the rest of the certificates owned by the user undeleted. If the error is due to a temporary condition (such as the local LDAP repository being inaccessible), the next certdelete will delete the remaining certificates. To find out which certificates were not deleted, the user can run the certlist command with a tag value of ALL.

Exit Status

0 Successful completion.
>0 An error occurred.

Security

This is a privileged (set-UID root) command.

Root, or an invoker belonging to group security, can delete certificates for any user. A non-privileged user can delete only their own certificates.

Audit

This command records the following event information:

CERT_Create <username>

Examples

  1. To remove a certificate with a tag value signcert belonging to Bob, enter:
    $ certdelete signcert bob
  2. To remove all the certificates from the local LDAP repository belonging to the current user, enter:
    $ certdelete ALL
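
The ALL behaviour described above (stop at the first delete error, rerun to remove the rest, then check with certlist and a tag of ALL), as an added example that is not part of the original reference page. The function name, retry count and delay are hypothetical, and passing the user name to certlist as a second argument is assumed to mirror the certdelete syntax.

```shell
#!/bin/sh
# Added example: retry wrapper around "certdelete ALL" for account clean-up.
# Assumptions: the function name, attempt count and delay are hypothetical;
# "certlist ALL <user>" is assumed to take the user name like certdelete does.
# Only the documented exit status (0 / >0) is relied on, not any output format.

# certdelete_all_retry USER [ATTEMPTS] [DELAY_SECONDS]
# Returns 0 once "certdelete ALL" succeeds, else the last non-zero status.
certdelete_all_retry() {
    user=$1
    attempts=${2:-3}
    delay=${3:-5}
    n=1
    rc=1

    if [ -z "$user" ]; then
        echo "usage: certdelete_all_retry user [attempts] [delay]" >&2
        return 2
    fi

    while [ "$n" -le "$attempts" ]; do
        # ALL stops at the first delete error. Certificates removed before
        # the error stay removed, so a rerun continues with the remainder.
        rc=0
        certdelete ALL "$user" || rc=$?
        if [ "$rc" -eq 0 ]; then
            echo "certdelete ALL $user: succeeded on attempt $n"
            return 0
        fi
        echo "certdelete ALL $user: attempt $n failed (exit $rc)" >&2
        n=$((n + 1))
        if [ "$n" -le "$attempts" ]; then
            sleep "$delay"   # give a temporary LDAP outage time to clear
        fi
    done

    # Still failing: list what remains so the operator can follow up,
    # for example on a certificate that cannot be removed at all.
    echo "certificates still listed for $user:" >&2
    certlist ALL "$user" >&2 || echo "certlist failed for $user" >&2
    return "$rc"
}
```

A failure that persists across every attempt is not a temporary condition; the certlist output printed at the end shows which certificates remain in the local repository.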

Files

/usr/lib/security/pki/acct.cfg

Related Information

The certadd, certcreate, certget, certlink, certlist, certrevoke, certverify, keyadd, keydelete, keylist, keypasswd, and mksecpki commands.
