certdelete Command
Purpose
certdelete removes a certificate from the list of certificates associated with a user account and deletes the certificate from the local LDAP repository.
Syntax
certdelete tag [username]
Description
The certdelete command removes certificates associated with a user from the local LDAP repository. A deleted certificate can be added again using the certadd command. Note that the certdelete operation does not affect the certificates in the CA's LDAP store where they are published.
The tag parameter uniquely identifies the certificate in the list of certificates owned by a user. It shall be an error to remove the certificate named by the auth_cert attribute for a user. Only a privileged (root) user, or a user belonging to group security may specify a user name other than their own.
If invoked without the username parameter, the certdelete command uses the name of the current user.
Specifying ALL as the value of tag will cause all of the certificates owned by a user to be removed. The command terminates on the first delete error it encounters while processing an ALL request. This leaves the rest of the certificates owned by the user undeleted. If the error is due to some temporary condition (such as the local LDAP repository being inaccessible), the next certdelete will delete the remaining certificates. The user can query which certificates were not deleted by using the certlist command with a tag value of ALL.
Exit Status
Item | Description |
---|---|
0 | Successful completion. |
>0 | An error occurred. |
Security
This is a privileged (set-UID root) command.
Root and an invoker belonging to group security can delete certificates for anybody. A non-privileged user can only delete certificates for himself/herself.
Audit
This command records the following event information:
CERT_Create <username>
Examples
- To remove a certificate with a tag value signcert belonging to Bob, enter:
$ certdelete signcert bob
- To remove all the certificates from the local LDAP repository belonging to the current user, enter:
$ certdelete ALL
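Because an ALL request stops at the first delete error, a script that clears a user's certificates should check the exit status and confirm what is left. The following is an added example, not part of the original command documentation; the function name purge_user_certs, the retry count and the delay are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original documentation).
# purge_user_certs [username] [max_tries] [delay_seconds]
#   Runs "certdelete ALL" and retries when it exits non-zero, because an ALL
#   request stops at the first delete error and leaves the rest in place.
#   The function name, retry count and delay are assumptions for illustration.
purge_user_certs() {
    _user=${1:-}          # empty: certdelete acts on the current user
    _max=${2:-3}          # assumed default number of attempts
    _delay=${3:-5}        # assumed default pause between attempts, in seconds
    _try=1
    _rc=0

    while [ "$_try" -le "$_max" ]; do
        _rc=0
        # ${_user:+...} passes the username argument only when one was given.
        certdelete ALL ${_user:+"$_user"} || _rc=$?
        if [ "$_rc" -eq 0 ]; then
            return 0
        fi

        echo "certdelete ALL failed (exit $_rc), attempt $_try of $_max" >&2
        # Show which certificates are still present, as the Description suggests.
        certlist ALL ${_user:+"$_user"} >&2 || true

        _try=$((_try + 1))
        if [ "$_try" -le "$_max" ]; then
            sleep "$_delay"
        fi
    done

    # Retries only help with temporary conditions; report the last exit status.
    return "$_rc"
}
```

Call it as `purge_user_certs bob` from a root or group security account, or with no arguments to act on the current user.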
Files
/usr/lib/security/pki/acct.cfg