+

Search Tips   |   Advanced Search

Delete a CA client in SSL

We can delete the CAClient object from the security configuration if a connection to a certificate authority (CA) is no longer needed.

We use the administrative console to delete a CA client.


Tasks

  1. Click Security > SSL certificate and key management.

  2. Click Certificate Authority (CA) client configurations. A panel displaying the existing CA clients appears.

  3. Click the CA client name we want to delete.

  4. Click the Delete button.

    We can also use the deleteAClient AdminTask to delete the CA client.

The CA client is deleted from the configuration.

When we use the deleteCAClient AdminTask to delete the CA client, the CA client cannot be deleted if a CA certificate that exists in the keystore was obtained from the certificate authority and is still referenced by the CA client. For example, when such CA certificate still exists, the user receives the following message:

wsadmin>$AdminTask deleteCAClient {-caClientName myca}
WASX7015E: Exception running command:
 "$AdminTask deleteCAClient {-caClientName myca}"; exception information:
 com.ibm.websphere.management.cmdframework.CommandValidationException:
 CWPKI0687E: The Certificate Authority (CA) client myca is still referenced by:
 [Certificate alias myca21 in key store CellDefaultKeyStore].
wsadmin>

  • Secure communications
  • CAClientCommands