Deleting Credentials
Use the installadm
command to delete security credentials. The set-server
, set-service
, and set-client
subcommands can be used to delete security credentials.
Security credentials are also removed when you run the
delete-client
or delete-service
subcommands. The delete-client
command removes all
client-specific credentials. The delete-service
subcommand
removes all service-specific credentials as well as any client-specific credentials
for all clients of that service and any alias services.
Caution - Deleted credentials cannot be recovered, and the TLS security protocol cannot function without server credentials. AI security will be disabled prior to deleting the server credentials.
Example 5-9 Deleting Credentials for One Client
This example deletes the private key and certificate, any CA certificate, and any OBP keys that were assigned to the client by using a MAC address.
$ installadm set-client -e mac-addr -x
Example 5-10 Deleting a CA Certificate
This example deletes the specified CA certificate for all clients that use
that CA certificate. The value of the --hash
option argument is the hash value of the certificate's X.509 subject, as
displayed by the list
subcommand and shown in Displaying Client Security Information.
Any clients that are using the specified CA certificate are counted and displayed
along with a prompt to confirm you want to continue.
$ installadm set-client -x --hash b99588cf Identifier hash: b99588cf Subject: /C=CZ/O=Oracle Czech s.r.o./OU=install/CN=genca Issuer: /C=CZ/O=Oracle Czech s.r.o./OU=install/CN=genca Valid from Apr 27 13:12:27 2012 GMT to Apr 27 13:12:27 2015 GMT This CA has the following uses: WARNING: this is the server CA certificate Deleting this Certificate Authority certificate can prevent credentials from validating. Do you want to delete this Certificate Authority certificate [y|N]: y Deleting all references to Certificate Authority with hash value b99588cf
Caution -In this example, all instances of
this CA certificate are deleted for all clients that use it; the affected
clients can no longer be authenticated. Once the specified CA certificate is
used to generate certificates, the installadm
command can no
longer generate certificates.
Example 5-11 Deleting AI Server Security Credentials
This example deletes the AI server's private key and certificate, any CA certificate, and the OBP keys for server authentication only:
$ installadm set-server -x