C.3.3 Deleting Server Certificates and CA Certificates

This section explains the operations necessary for deleting registered certificates when using an SSL accelerator of the server load balancer function.

The tenant user requests the infrastructure administrator to delete the certificate (number) used for the released L-Platform.

Figure C.3 Flow of Deletion of Server Certificates and CA Certificates

Set maintenance mode on the NS Appliance from which the certificate is to be deleted.
For details on how to configure maintenance mode, refer to "22.1 Switchover of Maintenance Mode" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".
Connect to the NS Appliance, and check if the server certificate to delete is registered.
Execute the following command:
```
admin
password: Administrator Password
show cert certificate Number of Certificates chain
```
- When the server certificate is registered, make a note of the number of the CA certificate.
- When the server certificate is not registered, the operations after this are not necessary.
Delete the server certificate.
Execute the following command:
```
cert zeroize Number of cert Certificates
```
After executing the command, respond with "y" to the output reply message.
Check if the server certificate necessary for the CA certificate corresponding to the deleted server certificate is registered.
- Check if there are other registered server certificates
  Execute the following command:
```
show cert certificate all
```
  - When no other server certificates are registered, delete the CA certificate.
  - When there are other registered server certificates, check the CA certificates (registration number) corresponding to the registered server certificates.
- Check the CA certificates corresponding to already registered server certificates
  Execute the following command:
```
show cert certificate Number of Certificates chain
```
  - When there is no CA certificate corresponding to the registered server certificates which is the same as the CA certificate (CA certificate number checked in step 2.) corresponding to the registered server certificate, delete the CA certificate.
  - When there is a CA certificate corresponding to the registered server certificates which is the same as the CA certificate (CA certificate number checked in step 2.) corresponding to the registered server certificate, it is not necessary to delete the CA certificate.
Delete the CA certificate, if it is no longer necessary.
When the registration number is between 0 and 18, do not delete the CA certificate.
Execute the following command:
```
cert zeroize ca Number of CA Certificates
```
After executing the command, respond with "y" to the output reply message.
Reflect the deletion of the certificate on the operating NS Appliance.
Execute the following command:
```
configure terminal
load running-config
commit
exit
exit 
```
After executing the command, respond with "y" to the output reply message.
Release the maintenance mode configured when starting operations.
For details on how to release maintenance mode, refer to "22.1 Switchover of Maintenance Mode" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".