
Deleting Certificate

Endi S. Dewata edited this page Jan 20, 2022 · 1 revision

To delete a certificate from the internal token:

$ certutil -D -d nssdb -n testcert

If the certificate is also in the HSM, it will not be deleted from the HSM, but its trust attributes will change to u,u,u.

To delete a certificate from the HSM:

$ certutil -D -d nssdb -h HSM -f password.HSM -n HSM:testcert

The above command ignores the -f parameter, so the password must be entered manually.

In any case, if the certificate has a key in the token, the key will be orphaned.
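
The orphaned keys mentioned above can be found by filtering the output of certutil -K. The following script is an added example, not part of the original wiki page; it assumes the "(orphan)" label that certutil -K prints for a key with no matching certificate, and the sample listing and its key IDs are constructed.

```shell
#!/bin/sh
# Added example: report keys that `certutil -K` lists as orphaned.

# Constructed sample of `certutil -K -d nssdb` output (key IDs are made up).
sample_key_listing() {
cat <<'EOF'
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1111111111111111111111111111111111111111   NSS Certificate DB:othercert
< 1> rsa      2222222222222222222222222222222222222222   (orphan)
< 2> ec       3333333333333333333333333333333333333333   (orphan)
EOF
}

# Read a `certutil -K` listing on stdin; print "<type> <key-id>" per orphaned key.
orphaned_keys() {
    awk '
        /^<[ 0-9]+>/ {
            line = $0
            sub(/^<[ 0-9]+>[ \t]*/, "", line)   # drop the "< N>" index column
            sub(/[ \t]+$/, "", line)            # drop trailing whitespace
            n = split(line, f, /[ \t]+/)
            # f[1] = key type, f[2] = key ID, f[3..n] = nickname (may contain spaces)
            if (n == 3 && f[3] == "(orphan)") print f[1], f[2]
        }
    '
}

# Exit status 0 when the listing on stdin has no orphaned keys, 1 otherwise.
no_orphaned_keys() {
    [ -z "$(orphaned_keys)" ]
}

# Demo on the constructed sample. Against a real database, run for example:
#   certutil -K -d nssdb | orphaned_keys
# and add "-h HSM" to list the keys on the HSM token.
sample_key_listing | orphaned_keys
```

Running the check before and after a deletion shows which key IDs were left behind by it.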

Do not use these commands because they do not work:

$ certutil -D -d nssdb -P HSM -n testcert
$ certutil -D -d nssdb -h HSM -f password.HSM -P HSM -n testcert