Delete a certificate from a key repository on UNIX, Linux, and Windows
Use this procedure to remove personal or CA certificates.
Use strmqiqm
For to manage TLS certificates in a way that is FIPS compliant, use the runmqakm command. strmqiqm (iKeyman) does not provide a FIPS-compliant option.
- Start the GUI using the strmqikm command (on UNIX, Linux, and Windows).
- From the Key Database File menu, click Open. The Open window opens.
- Click Key database type and select CMS (Certificate Management System).
- Click Browse to navigate to the directory that contains the key database files.
- Select the key database file from which we want to delete the certificate, for example key.kdb.
- Click Open. The Password Prompt window opens.
- Type the password you set when you created the key database and click OK. The name of your key database file is displayed in the File Name field.
- From the drop down list, select Personal Certificates or Signer Certificates
- Select the certificate we want to delete.
- If we do not already have a copy of the certificate and we want to save it, click Export/Import and export it (see Exporting a personal certificate from a key repository on UNIX, Linux, and Windows ).
- With the certificate selected, click Delete. The Confirm window opens.
- Click Yes. The Personal Certificates field no longer shows the label of the certificate you deleted.
Use the command line
Use the following commands to delete a certificate using runmqckm:- On UNIX, Linux, and Windows:
runmqckm -cert -delete -db filename -pw password -label label
where:
| -db filename | is the fully qualified file name of a CMS key database. |
| -pw password | is the password for the CMS key database. |
| -label label | is the label attached to the personal certificate. |
| -fips | specifies that the command is run in FIPS mode. When in FIPS mode, the ICC component uses algorithms that have been FIPS 140-2 validated. If the ICC component does not initialize in FIPS mode, the runmqakm command fails. |