Delete
- Remove the CA you want to delete from any auto-enrollment settings, policies, or workflows that are used to issue or revoke certificates from that CA.
- Check for any unrevoked and unexpired certificates that may have been deleted from the AppViewX inventory by running a CA discovery to get all the valid certificates issued by that CA for revocation.
You can delete a root CA or a subordinate CA (PKIaaS or external). Once the CA has been deleted, no new certificates can be issued from this CA and no new CRLs will be generated.
To delete CA:
-
Go to
(Menu) icon > PKI+ > CA
Inventory.
The CA Inventory page appears. - Select the check box against the CA you want to delete.
-
Click Actions and select Delete from the dropdown menu.
Note:
- If you are deleting a subordinate CA and if there are valid certificates issued by the CA, then you get a message that you must first revoke the certificates and the CA certificate before deleting the CA. The revocation of certificates is permanent and not reversible. Click Continue to view the certificates that will be revoked. Click Revoke and Delete CA.
- If the CA has no active certificates, then the delete workflow is triggered.
The approval status of the CA changes to Delete - Approval Pending. If you want to abort the action, then click Abort.
-
An email from AppViewX PKIaaS for approval is sent to all active custodians.
Approval can
be done either via email or by clicking the
(Notification Center) on the top right-hand-corner of the page.
Once the approval meets the quorum value, the approval status
of the CA changes to Delete - Approved and the status changes to
Deleted. If the request is rejected, then the approval status of the CA
changes to Delete - Rejected. Click Resubmit if the action fails
for any reason.
A message that the operation is performed successfully appears.Note:- If deletion fails, reach out to [email protected].
- You can view all the deleted CAs by selecting Deleted option from Filter by Status.