Oracle Cloud Infrastructure Documentation

Deleting a Certificate Authority Version

Delete a certificate authority (CA) version when you no longer need it.

You can only delete a certificate authority version with a rotation state of deprecated. For a deprecated version to exist, a current version and a previous version must also exist. Unless you want to delete a certificate authority entirely, you must maintain at least one version of the certificate authority. When you delete a certificate authority version, the deletion doesn't happen immediately. By default, a certificate authority is permanently deleted 30 days after you schedule it for deletion. At minimum, the certificate authority continues to exist for another seven days.

    1. On the Certificate Authorities list page, select the certificate authority that you want to work with. If you need help finding the list page or the certificate authority, see Listing Certificate Authorities.
      The certificate authority's details page opens.
    2. On the certificate authority's details page, select Versions.
      The Versions list opens.
    3. Find the certificate authority version that you want to delete.
    4. From the Actions menu for the certificate authority version, select Delete version.
    5. Confirm the deletion by entering the version number.
    6. Select Select deletion date, and then select the date that you want to delete the certificate authority version permanently.
    7. Select Delete version.

  • Use the oci certs-mgmt certificate-authority-version schedule-deletion command and required parameters to schedule the deletion of a certificate authority version:

    oci certs-mgmt certificate-authority-version schedule-deletion --certificate-authority-id <CA_OCID> --version-number <CA_version_number> --time-of-deletion <RFC_3339_timestamp> [OPTIONS]

    For example:

    oci certs-mgmt certificate-authority-version schedule-deletion --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --version-number 3 --time-of-deletion 2022-01-01T00:00:00+00:00

    To cancel the deletion of a certificate authority version number, open a command prompt and run the oci certs-mgmt certificate-authority-version cancel-deletion command and required parameters:

    oci certs-mgmt certificate-authority-version cancel-deletion --certificate-authority-id <CA_OCID> --version-number <CA_version_number> [OPTIONS]

    For example:

    oci certs-mgmt certificate-authority-version cancel-deletion --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --version-number 3

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the ScheduleCertificateAuthorityVersionDeletion operation to schedule the deletion of a certificate authority version.