Deleting a certificate from a key repository on UNIX, Linux, and Windows
Use this procedure to remove personal or CA certificates.
Using strmqikm
If you need to manage TLS certificates in a way that is FIPS compliant, use the runmqakm command. strmqikm (iKeyman) does not provide a FIPS-compliant option.
- Start the GUI using the strmqikm command (on UNIX, Linux®, and Windows).
- From the Key Database File menu, click Open. The Open window opens.
- Click Key database type and select CMS (Certificate Management System).
- Click Browse to navigate to the directory that contains the key database files.
- Select the key database file from which you want to delete the certificate, for example
key.kdb
. - Click Open. The Password Prompt window opens.
- Type the password you set when you created the key database and click OK. The name of your key database file is displayed in the File Name field.
- From the drop down list, select Personal Certificates or Signer Certificates
- Select the certificate you want to delete.
- If you do not already have a copy of the certificate and you want to save it, click Export/Import and export it (see Exporting a personal certificate from a key repository on UNIX, Linux, and Windows ).
- With the certificate selected, click Delete. The Confirm window opens.
- Click Yes. The Personal Certificates field no longer shows the label of the certificate you deleted.
Using the command line
Use the following commands to delete a certificate using runmqckm:
- On UNIX, Linux, and Windows:
runmqckm -cert -delete -db filename -pw password -label label
-db filename
|
is the fully qualified file name of a CMS key database. |
-pw password
|
is the password for the CMS key database. |
-label label
|
is the label attached to the personal certificate. |
-fips |
specifies that the command is run in FIPS mode. When in FIPS mode, the ICC component uses algorithms that have been FIPS 140-2 validated. If the ICC component does not initialize in FIPS mode, the runmqakm command fails. |