ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security certificate delete

    Delete an Installed Digital Certificate

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command deletes an installed digital security certificate.

    Parameters

    -vserver <Vserver Name> - Name of Vserver

    This specifies the Vserver that contains the certificate.

    -common-name <FQDN or Custom Common Name> - FQDN or Custom Common Name

    This specifies the desired certificate name as a fully qualified domain name (FQDN) or custom common name or the name of a person. The supported characters, which are a subset of the ASCII character set, are as follows:

    • Letters a through z, A through Z

    • Numbers 0 through 9

    • Asterisk (*), period (.), underscore (_) and hyphen (-)

    The common name must not start or end with a "-" or a ".". The maximum length is 253 characters.

    [-serial <text>] - Serial Number of Certificate

    This specifies the certificate serial number.

    -ca <text> - Certificate Authority

    This specifies the certificate authority (CA).

    -type <type of certificate> - Type of Certificate

    This specifies the certificate type. Valid values are the following:

    • server - includes server certificates and intermediate certificates

    • root-ca - includes a self-signed digital certificate to sign other certificates by acting as a certificate authority (CA)

    • client-ca - includes the public key certificate for the root CA of the SSL client. If this client-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca.

    • server-ca - includes the public key certificate for the root CA of the SSL server to which Data ONTAP is a client. If this server-ca certificate is created as part of a root-ca, it will be deleted along with the corresponding deletion of the root-ca.

    • client - includes a public key certificate and private key to be used for Data ONTAP as an SSL client

    [-subtype <kmip-cert>] - (DEPRECATED)-Certificate Subtype
    This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP.
    This specifies a certificate subtype. This optional parameter can have an empty value (the default). The only valid value is as follows:
    • kmip-cert - this is a Key Management Interoperability Protocol (KMIP) certificate

    [-cert-name <text>] - Unique Certificate Name

    This specifies the system’s internal identifier for the certificate. It is unique within a Vserver.

    Examples

    This example deletes a root-ca type digital certificate for a Vserver named vs0 in a company named www.example.com with serial number 4F57D3D1.

    cluster1::> security certificate delete -vserver vs0 -common-name www.example.com -ca www.example.com -type root-ca -serial 4F57D3D1
    Top of Page