Refer to the RSA Certificate Manager 6.8 Administrator's Guide, pages 120-121. For quick reference, here is a copy of the steps:
Before you delete a CA, RSA recommends that you back up the CA.
Ensure that certificates issued by the CA are no longer needed. For more information, see RSA Admin Guide ?Backing Up and Moving CAs? on page 113.
Deleting a CA deletes all of its Jurisdictions, certificates, and certificate requests.
You cannot delete the following CAs:
- System CA
- Administrative CA
- Key Recovery CA (if Key Recovery is installed)
- CA with a Jurisdiction targeted by Registration Manager during installation
You can delete a CA in Certificate Manager if all the following conditions are met:
- The CA is revoked or suspended. For more information, see RSA Admin Guide Chapter 13, ?Controlling CA Status.?
- The CA has no subordinate CAs. Subordinate CAs must first be deleted or re-signed with a different CA. For more information, see RSA Admin Guide ?Re-signing Local CA Certificates? on page 118.
- The CA has no Jurisdictions approved for Registration Manager. Approvals must be removed before deleting the CA. For more information, see RSA Admin Guide ?Managing Jurisdictions for Registration Manager? on page 363.
Note: If the CA Jurisdiction was targeted by Registration Manager at installation, you cannot remove approval and therefore cannot delete the CA.
- The CA has no active revocation list signer. The signer must be revoked. For more information, see RSA Admin Guide?Revoking the Certificate of a Designated Revocation List Signer? on page 217.
Follow these steps to delete a CA:
1. Click CA Operations.
2. Select the CA you want to delete.
3. Below the displayed CA information, under CA Operations, click Delete CA.
4. Review the information about the Jurisdictions, certificates, and requests that will be deleted if you delete the CA.
5. Click Next.
6. Click OK to confirm the deletion.
The CA, its Jurisdictions, issued certificates, and certificate requests are deleted.