Deleting a Certificate Authority Version

Delete a certificate authority (CA) version when you no longer need it.

You can only delete a CA version with a rotation state of deprecated. For a deprecated version to exist, a current version and a previous version must also exist. Unless you want to delete a CA entirely, you must maintain at least one version of the CA. When you delete a CA version, the deletion doesn't happen immediately. By default, a CA is permanently deleted 30 days after you schedule it for deletion. At minimum, the CA continues to exist for another seven days.

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificate Authorities.
    3. From the list of CAs in the compartment, click the name of the CA with the CA version that you want to delete.

      To find a CA in a different compartment, under List scope, choose a different compartment.

    4. Under Resources, click Versions.
    5. Under Versions, find the CA version that you want to delete.
    6. Click the Actions menu for the CA version, and select Delete Version. Confirm the deletion by entering the version number.
    7. Click Select deletion date, and then choose the date that you want to delete the CA version permanently.
    8. Click Delete Version.
  • Use the oci certs-mgmt certificate-authority-version schedule-deletion command and required parameters to schedule the deletion of a CA version:

    oci certs-mgmt certificate-authority-version schedule-deletion --certificate-authority-id <CA_OCID> --version-number <CA_version_number> --time-of-deletion <RFC_3339_timestamp>

    For example:

    oci certs-mgmt certificate-authority-version schedule-deletion --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --version-number 3 --time-of-deletion 2022-01-01T00:00:00+00:00

    To cancel the scheduled deletion of a CA version, open a command prompt and run the oci certs-mgmt certificate-authority-version cancel-deletion command and required parameters:

    oci certs-mgmt certificate-authority-version cancel-deletion --certificate-authority-id <CA_OCID> --version-number <CA_version_number>

    For example:

    oci certs-mgmt certificate-authority-version cancel-deletion --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --version-number 3

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the ScheduleCertificateAuthorityVersionDeletion operation to schedule the deletion of a CA version.
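For the CLI schedule-deletion command above, this added example (not part of the OCI documentation) builds the --time-of-deletion value in RFC 3339 form and refuses any date inside the seven-day minimum described on this page. The function names deletion_time and schedule_cmd are hypothetical, GNU date is assumed, and the command is printed for review rather than executed.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical; assumes bash and GNU date (-d @epoch).

MIN_DAYS=7       # page: the CA continues to exist for at least seven days
DEFAULT_DAYS=30  # page: default is 30 days after deletion is scheduled

# deletion_time [days] [now_epoch]
# Prints an RFC 3339 UTC timestamp <days> days after now_epoch (default: now).
# Returns 1 when days is not a plain whole number or is under the minimum.
deletion_time() {
  local days="${1:-$DEFAULT_DAYS}"
  local now="${2:-$(date -u +%s)}"
  case "$days" in
    ''|*[!0-9]*|0?*) echo "days must be a whole number" >&2; return 1 ;;
  esac
  if [ "$days" -lt "$MIN_DAYS" ]; then
    echo "refusing: $days days is under the $MIN_DAYS-day minimum" >&2
    return 1
  fi
  date -u -d "@$((now + days * 86400))" +%Y-%m-%dT%H:%M:%S+00:00
}

# schedule_cmd <CA_OCID> <version_number> [days] [now_epoch]
# Prints the schedule-deletion command so it can be reviewed before it is run.
schedule_cmd() {
  local ca_id="$1" version="$2" when
  case "$version" in
    ''|*[!0-9]*) echo "version number must be numeric" >&2; return 1 ;;
  esac
  when="$(deletion_time "${3:-}" "${4:-}")" || return 1
  printf '%s --certificate-authority-id %s --version-number %s --time-of-deletion %s\n' \
    'oci certs-mgmt certificate-authority-version schedule-deletion' \
    "$ca_id" "$version" "$when"
}

# Demo with the page's placeholder OCID and version 3, using the 30-day default.
schedule_cmd 'ocid1.certificateauthority.oc1.<region>.<unique_id>' 3
```

The optional fourth argument fixes the reference time, which makes the output reproducible when the command is generated in a change ticket and run later.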