Forum Discussion

Nimbostratus

Dec 12, 2016

How to delete Orphan certs and keys

we have around 1000 orphan certs and keys to delete. I understood that if I used "delete system crypto", it will left system file as it in bigconf.config file so better to use GUI. but deleting these...

Noctilucent

Dec 12, 2016

you can generate expired list of SSL certificate & delete manually or through script. will popup error if it is in used.

https://devcentral.f5.com/questions/find-unused-ssl-certificates

    delete sys crypto key web.test.com.crt
    delete /sys crypto key web.test.com.crt

Anush
Nimbostratus
Dec 12, 2016
Thanks for your comment. I already have list of certs/keys. I believed that if I use "delete sys crypto key" command, it will delete certs/keys but not delete from conf. file.

is it not true?

Thanks
Anush
Nimbostratus
Dec 12, 2016
I just tried on one of our test box and yes that is correct that if you use "delete crypto" command, bigip.conf file still showing you it's there but if you use by GUI, it will get deleted from .conf file too. my problem is, deleting around 1000 certs/keys using GUI is not convenient so trying to find command or any other way which can clean up .conf file too.

Thanks