Deleting a Certificate
Delete a certificate when you no longer need it.
You can only delete a certificate version with the rotation state of deprecated. You can only have a deprecated certificate version when you also have a current version. Unless you want to delete a certificate entirely, you must maintain at least one version of the certificate. Furthermore, the certificate can't have any associations. You must delete all associations before you can delete the certificate.
When you delete a certificate, the certificate isn't immediately deleted. By default, a certificate is permanently deleted 30 days after you schedule it for deletion. At minimum, one day must elapse before the certificate is permanently deleted. Certificates pending deletion count against their own service limits and are subject to restrictions on the reuse of a certificate display name.
Use the oci certs-mgmt certificate schedule-deletion command and required parameters to schedule a certificate for deletion:
Note
If you do not indicate when to delete the certificate, by default, a certificate is automatically scheduled for deletion in 30 days.oci certs-mgmt certificate schedule-deletion --certificate-id <certificate_OCID> --time-of-deletion <RFC_3339_timestamp>
For example:
oci certs-mgmt certificate schedule-deletion --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --time-of-deletion 2022-01-01T00:00:00+00:00
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
Run the ScheduleCertificateDeletion operation to schedule the deletion of a certificate.