000014799 - How to delete a CA using the admin console?

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014799
Applies ToRSA Certificate Manager 6.8
IssueHow to delete a CA using the admin console?
Steps to delete a CA through the admin console
Resolution

Refer to the RSA Certificate Manager 6.8 Administrator's Guide, pages 120-121.  For quick reference, here is a copy of the steps:

Before you delete a CA, RSA recommends that you back up the CA.
Ensure that certificates issued by the CA are no longer needed. For more information, see RSA Admin Guide ?Backing Up and Moving CAs? on page 113.

Deleting a CA deletes all of its Jurisdictions, certificates, and certificate requests.
You cannot delete the following CAs:
- System CA
- Administrative CA
- Key Recovery CA (if Key Recovery is installed)
- CA with a Jurisdiction targeted by Registration Manager during installation

Prerequisites
You can delete a CA in Certificate Manager if all the following conditions are met:
The CA is revoked or suspended. For more information, see RSA Admin Guide Chapter 13, ?Controlling CA Status.?
The CA has no subordinate CAs. Subordinate CAs must first be deleted or re-signed with a different CA. For more information, see RSA Admin Guide ?Re-signing Local CA Certificates? on page 118.
The CA has no Jurisdictions approved for Registration Manager. Approvals must be removed before deleting the CA. For more information, see RSA Admin Guide ?Managing Jurisdictions for Registration Manager? on page 363.
Note: If the CA Jurisdiction was targeted by Registration Manager at installation, you cannot remove approval and therefore cannot delete the CA.
The CA has no active revocation list signer. The signer must be revoked. For more information, see RSA Admin Guide?Revoking the Certificate of a Designated Revocation List Signer? on page 217.

Follow these steps to delete a CA:
1. Click CA Operations.
2. Select the CA you want to delete.
3. Below the displayed CA information, under CA Operations, click Delete CA.
4. Review the information about the Jurisdictions, certificates, and requests that will be deleted if you delete the CA.
5. Click Next.
6. Click OK to confirm the deletion.
The CA, its Jurisdictions, issued certificates, and certificate requests are deleted.

Legacy Article IDa47521

Attachments

    Outcomes