Deleting a Certificate Authority

Delete a certificate authority (CA).

You can only delete a CA version with a rotation state of deprecated. For a deprecated version to exist, a current version and a previous version must also exist. Unless you want to delete a CA entirely, you must maintain at least one version of the CA. Furthermore, the CA can't have any associations, currently issued certificates, or subordinate CAs. You must delete all associations, certificates, and subordinate CAs issued by a given parent CA before you can delete the parent CA.

When you delete a CA, the deletion doesn't happen immediately. By default, a CA is permanently deleted 30 days after you schedule it for deletion. At minimum, the CA continues to exist for another seven days. CAs pending deletion count against their own service limits and are subject to restrictions on the reuse of a CA display name.

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificate Authorities.
    3. From the list of CAs in the compartment, click the name of the CA that you want to delete.

      To find a CA in a different compartment, under List scope, choose a different compartment.

    4. Click Delete.
    5. Confirm the deletion by entering the CA name exactly as it appears.
    6. Click Select deletion date, and then choose the date that you want to delete the CA permanently.
    7. When you're ready, click Delete Certificate Authority.
  • Use the oci certs-mgmt certificate-authority schedule-deletion command and required parameters to schedule the deletion of a CA:

    oci certs-mgmt certificate-authority schedule-deletion --certificate-authority-id <CA_OCID> --time-of-deletion <RFC_3339_timestamp>

    For example:

    oci certs-mgmt certificate-authority schedule-deletion --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --time-of-deletion 2022-01-01T00:00:00+00:00

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the ScheduleCertificateAuthorityDeletion operation to schedule the deletion of a CA.
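
The following shell helper is an added example, not part of the original documentation. It builds the `--time-of-deletion` value for the CLI command shown above, refuses dates inside the seven-day minimum, and prints the command for review instead of running it. The function names and the sample OCID are hypothetical, and GNU `date` is assumed.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical; requires GNU date.

MIN_DAYS=7       # page: the CA continues to exist for at least seven days
DEFAULT_DAYS=30  # page: default permanent deletion is 30 days after scheduling

# deletion_timestamp [days] [base_epoch]
# Prints an RFC 3339 UTC timestamp `days` after base_epoch (default: now).
deletion_timestamp() {
  local days="${1:-$DEFAULT_DAYS}"
  local base="${2:-$(date -u +%s)}"
  case "$days" in
    *[!0-9]*) echo "days must be a non-negative integer" >&2; return 2 ;;
  esac
  if [ "$days" -lt "$MIN_DAYS" ]; then
    echo "refusing: deletion date must be at least $MIN_DAYS days out" >&2
    return 1
  fi
  date -u -d "@$(( base + days * 86400 ))" '+%Y-%m-%dT%H:%M:%S+00:00'
}

# build_schedule_deletion_cmd <CA_OCID> [days] [base_epoch]
# Checks the OCID is a CA OCID (prefix as in the page's example), then prints
# the schedule-deletion command so an operator can review it before running.
build_schedule_deletion_cmd() {
  local ca_ocid="$1"
  local ts
  case "$ca_ocid" in
    ocid1.certificateauthority.*) ;;
    *) echo "not a certificate authority OCID: $ca_ocid" >&2; return 2 ;;
  esac
  ts="$(deletion_timestamp "${2:-}" "${3:-}")" || return $?
  printf '%s --certificate-authority-id %s --time-of-deletion %s\n' \
    "oci certs-mgmt certificate-authority schedule-deletion" "$ca_ocid" "$ts"
}

# Constructed sample OCID; schedules deletion 14 days from now.
build_schedule_deletion_cmd \
  "ocid1.certificateauthority.oc1.example-region.constructedid" 14
```

Passing a fixed epoch as the third argument makes the output reproducible, which is useful when the command is generated in a change ticket and executed later.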