WAS v8.5 > Secure applications > Secure communicationsDelete a CA client in SSL
We can delete the CAClient object from the security configuration if a connection to a certificate authority (CA) is no longer needed.
Use dmgr console to delete a CA client.
- Click Security > SSL certificate and key management.
- Click Certificate Authority (CA) client configurations. A panel displaying the existing CA clients appears.
- Click the CA client name to delete.
- Click the Delete button.
We can also use the deleteAClient AdminTask to delete the CA client.
Results
The CA client is deleted from the configuration.When we use the deleteCAClient AdminTask to delete the CA client, the CA client cannot be deleted if a CA certificate that exists in the keystore was obtained from the certificate authority and is still referenced by the CA client. For example, when such CA certificate still exists, the user receives the following message:
wsadmin>$AdminTask deleteCAClient {-caClientName myca} WASX7015E: Exception running command: "$AdminTask deleteCAClient {-caClientName myca}"; exception information: com.ibm.websphere.management.cmdframework.CommandValidationException: CWPKI0687E: The Certificate Authority (CA) client myca is still referenced by: [Certificate alias myca21 in key store CellDefaultKeyStore]. wsadmin>
Related
Secure communications
Reference:
CAClientCommands command group for AdminTask