Forum Discussion
Deleting Old Certs
Good day,
I know there have been threads on this, but none of them have what I am looking for. Here is some background on what is going on. We had to upgrade our F5 to 15.1.8. Prior to upgrading, we had a few certs that expired, so the thought was: let's do the upgrade first, then we can remove the expired certs. But after the upgrade we attempted to remove the certs, first via the GUI
System => Certificate Management => searched for expired Cert and checked the box => and clicked on delete
but that didn't do anything; they are still there.
So I tried the command line
delete sys file ssl-cert <Cert name>
but same results. How do I remove these old certs? Where besides /Common are these files stored?
Thank you in advance!
Warren
- zamroni777 (Nacreous)
Those certificates might still be used by ssl profiles.
Make sure the certs are not used by any ssl profiles before deletion.
- wgranada (Nimbostratus)
Apologies, I left that out. Yes, I have confirmed that they are no longer in use; these are old certs dating back to 2020 and these clients are no longer with us. I have been snooping around and, please correct me if I am wrong, but it looks like I can go into /config and vim the bigip.conf. I did a search in there for one of the old clients and I do see them there. I was thinking of removing the entry from that file. Am I correct, or should I not be messing around with that file? Your thoughts?
Thank you!
- zamroni777 (Nacreous)
Editing the config file can result in orphaned configuration and waives support services.
I suggest that you open a service ticket and let F5 support solve the problem.
- amine-elhijazi (Altocumulus)
Hello,
I believe deleting the certs from bigip.conf is not a good idea. Know also that the certs with the keys are stored in /config/filestore/files_d/*_d/certificate_d
You don't have any error after hitting the delete button? Not even in the ltm logs?
- wgranada (Nimbostratus)
I'll have to attempt to delete it again from the Certification Manager, but currently this is what it looks like
I have a question: if I attempt to delete it from /config/filestore/files_d/*_d/certificate_d, will that remove it from the above? I will attempt to remove it again via the GUI and see what it throws back at me.
Thank you!!
- beredis (Nimbostratus)
To troubleshoot, try the following steps:
Identify References: Use this command to see where the cert is still linked:
list sys file ssl-cert <Cert name>
Look for any associations with SSL profiles, servers, or other configurations.
Check Other Partitions: Certificates might reside in other partitions beyond /Common. Use this command to locate them:
tmsh show sys file ssl-cert
Manual Cleanup: Once you’ve identified references, remove or update those dependencies. Then try deleting the certificate again.
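Added example (not part of any post in this thread and not F5 code): a read-only way to see which configuration objects still name a certificate, instead of hand-editing bigip.conf. It assumes brace-delimited stanzas like those in bigip.conf; `find_cert_refs`, `write_sample_conf` and the sample config are constructed for illustration.

```shell
# Read-only reference check: prints the header of every top-level stanza,
# other than the cert's own "sys file ssl-cert" definition, that mentions CERT.
# Matching is a plain substring test, so pass the full /partition/name path.
find_cert_refs() {   # usage: find_cert_refs CERT CONFIG_FILE
    awk -v cert="$1" '
        depth == 0 && /[{][ \t]*$/ {          # start of a top-level stanza
            header = $0
            sub(/[ \t]*[{][ \t]*$/, "", header)
            hit = 0
        }
        {
            if (depth > 0 && index($0, cert)) hit = 1
            line = $0                          # count braces to track nesting
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth == 0 && hit) {           # stanza closed and it used the cert
                if (header !~ /^sys file ssl-cert /) print header
                hit = 0
            }
        }
    ' "$2"
}
write_sample_conf() {   # constructed sample, not taken from a real BIG-IP
    cat > "$1" <<'EOF'
sys file ssl-cert /Common/old-client.crt {
    revision 1
}
sys file ssl-cert /Common/unused.crt {
    revision 1
}
ltm profile client-ssl /Common/old-client-ssl {
    cert-key-chain {
        old-client_0 {
            cert /Common/old-client.crt
        }
    }
}
ltm profile client-ssl /Common/current-ssl {
    cert-key-chain {
        current_0 {
            cert /Common/current.crt
        }
    }
}
EOF
}
sample=$(mktemp) && write_sample_conf "$sample" && find_cert_refs /Common/old-client.crt "$sample"; rm -f "$sample"
```

An empty result means no other stanza in that file names the certificate; a non-empty result lists the objects to detach before retrying the delete.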