Deleting a Certificate Authority

Delete a certificate authority (CA).

You can only delete a certificate authority version with a rotation state of deprecated. For a deprecated version to exist, a current version and a previous version must also exist. Unless you want to delete a certificate authority entirely, you must maintain at least one version of the certificate authority. Furthermore, the certificate authority can't have any associations, current issued certificates, or subordinate certificate authorities. You must delete all associations, certificates, and subordinate certificate authorities issued by a parent certificate authority before you can delete the parent certificate authority.

When you delete a certificate authority, the deletion doesn't happen immediately. By default, a certificate authority is permanently deleted 30 days after you schedule it for deletion. At minimum, the certificate authority continues to exist for another seven days. Certificate authorities pending deletion count against their own service limits and are subject to restrictions on the reuse of a certificate authority display name.

    1. On the Certificate Authorities list page, find the certificate authority that you want to work with. If you need help finding the list page or the certificate authority, see Listing Certificates.
    2. From the Actions menu for the certificate version, select Delete.
    3. Confirm the deletion by entering the certificate authority name exactly as it appears.
    4. Select Select deletion date, and then select the date that you want to delete the certificate authority permanently.
    5. Select Delete certificate authority.
  • Use the oci certs-mgmt certificate-authority schedule-deletion command and required parameters to schedule the deletion of a certificate authority:

    oci certs-mgmt certificate-authority schedule-deletion --certificate-authority-id <CA_OCID> --time-of-deletion <RFC_3339_timestamp> [OPTIONS]

    For example:

    oci certs-mgmt certificate-authority schedule-deletion --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --time-of-deletion 2022-01-01T00:00:00+00:00

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the ScheduleCertificateAuthorityDeletion operation to schedule the deletion of a certificate authority.
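
The following shell helper is an added example, not part of the original page or Oracle's tooling. It builds the `schedule-deletion` command shown above for review without running it, and rejects a deletion date earlier than the seven-day minimum or an OCID that is not a certificate authority OCID. The function names, the `now_epoch` argument, and the use of GNU `date -d` are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: build (but never execute) a schedule-deletion command.
# MIN_DAYS and DEFAULT_DAYS mirror the 7-day minimum and 30-day default
# stated on this page.
MIN_DAYS=7
DEFAULT_DAYS=30

# deletion_timestamp [days] [now_epoch]
# Prints an RFC 3339 UTC timestamp <days> from now; non-zero status on bad input.
# now_epoch (hypothetical argument) pins "now" so results are repeatable.
deletion_timestamp() {
  local days="${1:-$DEFAULT_DAYS}" now="${2:-$(date -u +%s)}"
  case "$days" in
    ''|*[!0-9]*|0*)
      echo "days must be a positive whole number without leading zeros" >&2
      return 2 ;;
  esac
  if [ "$days" -lt "$MIN_DAYS" ]; then
    echo "deletion must be at least $MIN_DAYS days out" >&2
    return 1
  fi
  # GNU date syntax (assumption): -d "@<epoch>" converts epoch seconds.
  date -u -d "@$(( now + days * 86400 ))" '+%Y-%m-%dT%H:%M:%S+00:00'
}

# build_deletion_command <CA_OCID> [days] [now_epoch]
# Prints the CLI command for an operator to review; runs nothing against OCI.
build_deletion_command() {
  local ca_id="$1" ts
  case "$ca_id" in
    ocid1.certificateauthority.*) ;;  # prefix taken from the page's example
    *) echo "not a certificate authority OCID: $ca_id" >&2; return 3 ;;
  esac
  ts="$(deletion_timestamp "${2:-}" "${3:-}")" || return $?
  printf 'oci certs-mgmt certificate-authority schedule-deletion --certificate-authority-id %s --time-of-deletion %s\n' \
    "$ca_id" "$ts"
}

# Demo with the page's placeholder OCID (constructed input, default 30 days).
build_deletion_command 'ocid1.certificateauthority.oc1.<region>.<unique_id>'
```

Printing the command instead of executing it leaves a review step before the deletion is scheduled.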