certdelete removes a certificate from the list of certificates associated with a user account and deletes the certificate from the local LDAP repository.
    certdelete tag [username]
The certdelete command removes certificates associated with a user from the local LDAP repository. A deleted certificate can be added again using the certadd command. Note that the certdelete operation does not affect the certificates in the CA's LDAP store, where they are published.
The tag parameter uniquely identifies the certificate in the list of certificates owned by a user. It shall be an error to remove the certificate named by the auth_cert attribute for a user. Only a privileged (root) user, or a user belonging to group security may specify a user name other than their own.
If invoked without the username parameter, the certdelete command uses the name of the current user.
Specifying ALL as the value of tag causes all of the certificates owned by a user to be removed. The command terminates on the first delete error it encounters while processing an ALL request, leaving the rest of the certificates owned by the user undeleted. If the error is due to a temporary condition (such as the local LDAP repository being inaccessible), the next certdelete will delete the remaining certificates. The user can query which certificates were not deleted by running the certlist command with a tag value of ALL.
| Exit status | Description |
|---|---|
| 0 | Successful completion. |
| >0 | An error occurred. |
This is a privileged (set-UID root) command.
Root and invokers belonging to group security can delete certificates for anybody. A non-privileged user can only delete certificates for himself/herself.
Audit
This command records the following event information:
CERT_Create <username>
To delete the certificate with tag signcert from the list of certificates owned by user bob:

    $ certdelete signcert bob

To delete all of the certificates owned by the current user:

    $ certdelete ALL
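The ALL request described above stops at the first failing certificate and exits with a non-zero status, so a script that relies on it needs to check the exit code and report what is left. The following wrapper is an added example written for this page; it is not part of the AIX documentation or of the certdelete command itself. It assumes certdelete and certlist are on PATH and that the user name is passed as the first argument; the function name delete_all_user_certs is this example's own.

```shell
# Added example (not from the AIX documentation): remove every certificate
# owned by one user and, if certdelete stopped early, show what remains.
delete_all_user_certs() {
    user="$1"
    if [ -z "$user" ]; then
        echo "usage: delete_all_user_certs USERNAME" >&2
        return 2
    fi

    # certdelete ALL terminates on the first delete error and exits >0;
    # any certificates after the failing one stay in the local repository.
    certdelete ALL "$user"
    status=$?
    if [ "$status" -eq 0 ]; then
        echo "all certificates owned by $user were removed"
        return 0
    fi

    # certlist with a tag of ALL lists the certificates that were not
    # deleted, so the operation can be re-run once the cause (for example
    # an unreachable local LDAP repository) has been fixed.
    echo "certdelete ALL failed for $user (exit $status); remaining certificates:" >&2
    certlist ALL "$user" >&2
    return "$status"
}

# Run only when a user name is given on the command line, e.g.
#   sh delete_all_user_certs.sh bob
[ "$#" -gt 0 ] && delete_all_user_certs "$1"
```

The function propagates the exit status of certdelete unchanged, so a calling script can distinguish a clean removal (0) from a partial one (>0) exactly as the exit status table above describes.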
/usr/lib/security/pki/acct.cfg