Views
System view
Predefined user roles
network-admin
Parameters
domain domain-name: Specifies the name of a PKI domain, a case-insensitive string of 1 to 31 characters.
The domain name cannot contain the following special characters: tilde (~), asterisk (*), backslash (\),
vertical bar (|), colon (:), dot (.), left angle bracket (<), right angle bracket (>), quotation marks ("), and
apostrophe (').
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
serial serial-num: Specifies the serial number of a peer certificate. The serial-num argument is a
case-insensitive string of 1 to 127 characters and uniquely identifies a peer certificate among the
certificates issued by a CA. If you do not specify a peer certificate, this command removes all peer
certificates in the PKI domain.
Usage guidelines
When you remove the CA certificate in a PKI domain, the system also removes the local certificates, peer
certificates, and CRLs in the same PKI domain.
Examples
# Remove the CA certificate in the PKI domain aaa.
<Sysname> system-view
[Sysname] pki delete-certificate domain aaa ca
Local certificates, peer certificates and CRL will also be deleted while deleting the CA
certificate.
Confirm to delete the CA certificate? [Y/N]:y
[Sysname]
# Remove the local certificates in the PKI domain aaa.
<Sysname> system-view
[Sysname] pki delete-certificate domain aaa local
[Sysname]
# Remove all peer certificates in the PKI domain aaa.
<Sysname> system-view
[Sysname] pki delete-certificate domain aaa peer
[Sysname]
# Display information about peer certificates in the PKI domain aaa, and remove a peer certificate with
the specified serial number.
<Sysname> system-view
[Sysname] display pki certificate domain aaa peer
Total peer certificates: 1
Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject Name: CN=abc
[Sysname] pki delete-certificate domain aaa peer serial 9a0337eb2156ba1f5476e4d754a5a9f7
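The following is an added example, not part of the original command reference or vendor code. It parses display output in the layout shown above, picks one peer certificate by subject name, and builds the serial-specific delete command, so that automation never emits the serial-less form that removes all peer certificates in the domain. The helper names, the second sample entry, and the assumption that multiple entries repeat the same two-line layout are not from the page.

```python
# Added example, not vendor code. Helper names are hypothetical.
FORBIDDEN = set('~*\\|:.<>"\'')  # characters the page bars from a PKI domain name

# Constructed sample: the first entry is the page's output, the second is made up.
SAMPLE = """\
Total peer certificates: 2
Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject Name: CN=abc
Serial Number: 01ab
Subject Name: CN=constructed-example
"""

def valid_domain(name):
    """1 to 31 characters, none of the forbidden special characters."""
    return 1 <= len(name) <= 31 and not (set(name) & FORBIDDEN)

def parse_peer_certs(output):
    """Return [(serial, subject), ...] parsed from the display output."""
    total, serial, certs = None, None, []
    for line in output.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "Total peer certificates":
            total = int(value)
        elif key == "Serial Number":
            serial = value
        elif key == "Subject Name" and serial is not None:
            certs.append((serial, value))
            serial = None
    # Refuse to act on output that was truncated or did not parse fully.
    if total is not None and total != len(certs):
        raise ValueError("parsed %d entries, device reported %d" % (len(certs), total))
    return certs

def delete_peer_command(domain, output, subject):
    """Build the command that removes exactly one peer certificate."""
    if not valid_domain(domain):
        raise ValueError("invalid PKI domain name: %r" % domain)
    serials = [s for s, subj in parse_peer_certs(output) if subj == subject]
    if len(serials) != 1:
        raise LookupError("%d certificates match %r" % (len(serials), subject))
    serial = serials[0]
    # Length limit is from the page; rejecting whitespace is an added safety check.
    if not 1 <= len(serial) <= 127 or any(c.isspace() for c in serial):
        raise ValueError("unusable serial number: %r" % serial)
    return "pki delete-certificate domain %s peer serial %s" % (domain, serial)

if __name__ == "__main__":
    print(delete_peer_command("aaa", SAMPLE, "CN=abc"))
```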