How to delete Orphan certs and keys

Question

we have around 1000 orphan certs and keys to delete. I understood that if I used "delete system crypto", it will left system file as it in bigconf.config file so better to use GUI. but deleting these mass amount of certs/keys using GUI is not quite practical.&nbsp;
Is there any other way I can delete those certs/keys which can clean up the files in conf file too?&nbsp;
Thanks,&nbsp;

samir_jha_52506 · Answer

you can generate expired list of SSL certificate &amp; delete manually or through script. will popup error if it is in used.
https://devcentral.f5.com/questions/find-unused-ssl-certificates
    delete sys crypto key web.test.com.crt
    delete /sys crypto key web.test.com.crt

anush · Answer

Thanks for your comment. I already have list of certs/keys. I believed that if I use "delete sys crypto key" command, it will delete certs/keys but not delete from conf. file. &nbsp;
is it not true?&nbsp;
Thanks&nbsp;

anush · Answer

I just tried on one of our test box and yes that is correct that if you use "delete crypto" command, bigip.conf file still showing you it's there but if you use by GUI, it will get deleted from .conf file too.  my problem is, deleting around 1000 certs/keys using GUI is not convenient so trying to find command or any other way which can clean up .conf file too.&nbsp;
Thanks&nbsp;

Forum Discussion

How to delete Orphan certs and keys

3 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Unblock Request WAF

Related Content

Deleting an AS3 Tenant

Delete VS

python bigsuds - Get Orphaned iRules

This DevCentral Content has been Archived or Deleted

Delete Management Default Route?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS