1. Automatically Installing Oracle Solaris 11.4 Systems
  2. Securing Automated Installation
  3. Other Security Related Tasks
  4. Deleting Credentials

Deleting Credentials

Use the installadm command to delete security credentials. The set-server, set-service, and set-client subcommands can be used to delete security credentials.

Security credentials are also removed when you run the delete-client or delete-service subcommands. The delete-client command removes all client-specific credentials. The delete-service subcommand removes all service-specific credentials as well as any client-specific credentials for all clients of that service and any alias services.

Caution - Deleted credentials cannot be recovered, and the TLS security protocol cannot function without server credentials. AI security will be disabled prior to deleting the server credentials.

Example 5-9 Deleting Credentials for One Client

This example deletes the private key and certificate, any CA certificate, and any OBP keys that were assigned to the client by using a MAC address.

$ installadm set-client -e mac-addr -x

Example 5-10 Deleting a CA Certificate

This example deletes the specified CA certificate for all clients that use that CA certificate. The value of the --hash option argument is the hash value of the certificate's X.509 subject, as displayed by the list subcommand and shown in Displaying Client Security Information. Any clients that are using the specified CA certificate are counted and displayed along with a prompt to confirm you want to continue. 

$ installadm set-client -x --hash b99588cf
  Identifier hash: b99588cf
  Subject: /C=CZ/O=Oracle Czech s.r.o./OU=install/CN=genca
  Issuer:  /C=CZ/O=Oracle Czech s.r.o./OU=install/CN=genca
  Valid from Apr 27 13:12:27 2012 GMT to Apr 27 13:12:27 2015 GMT
This CA has the following uses:
        WARNING: this is the server CA certificate
Deleting this Certificate Authority certificate can prevent 
    credentials from validating.
Do you want to delete this Certificate Authority certificate [y|N]: y
Deleting all references to Certificate Authority with hash value b99588cf

Caution -In this example, all instances of this CA certificate are deleted for all clients that use it; the affected clients can no longer be authenticated. Once the specified CA certificate is used to generate certificates, the installadm command can no longer generate certificates.

Example 5-11 Deleting AI Server Security Credentials

This example deletes the AI server's private key and certificate, any CA certificate, and the OBP keys for server authentication only:

$ installadm set-server -x