Remove CA certificates

To remove a CA Certificate from the Virtualization FIPS keystore:

  1. Enter the following command to view a list of CA Certificates. The certificates are listed by randomly generated alias names: export LD_LIBRARY_PATH=/opt/opsware/nss/lib/;/opt/opsware/nss/bin/certutil

    -d /var/opt/opsware/crypto/nss/twist/db -L

  2. To view details about your certificate, enter your unique alias name:

    export LD_LIBRARY_PATH=/opt/opsware/nss/lib/;/opt/opsware/nss/bin/certutil

    -d /var/opt/opsware/crypto/nss/twist/db -L -n <certAlias>

    For example:

    export LD_LIBRARY_PATH=/opt/opsware/nss/lib/;/opt/opsware/nss/bin/certutil

    -d /var/opt/opsware/crypto/nss/twist/db -L -n vcenter_cert

  3. To remove the certificate, enter the following command: /opt/opsware/nss/bin/certutil -d /var/opt/opsware/crypto/nss/twist/db -D -n <certAlias>

    For example: /opt/opsware/nss/bin/certutil -d /var/opt/opsware/crypto/nss/twist/db -D -n vcenter_cert

To remove CA certificates from the Virtualization non-FIPS keystore:

  1. Enter the following command to view a list of imported certificates and identify your certificate alias: /opt/opsware/twist/v12nCertUtil.sh <type> list, where <type> is either vmware or openstack.
  2. Enter the following command to remove the certificate:opt/opsware/twist/v12nCertUtil.sh <type> delete <certAlias>, where:

    • <type> is either vmware or openstack
    • <certAlias> is your certificate alias

    For example: opt/opsware/twist/v12nCertUtil.sh vmware delete vcenter_cert