ServerView Resource Orchestrator Cloud Edition V3.2.0 NS Option Instruction
FUJITSU Software

C.3.3 Deleting Server Certificates and CA Certificates

This section explains the operations necessary for deleting registered certificates when using an SSL accelerator of the server load balancer function.

The tenant user requests the infrastructure administrator to delete the certificate used for the released L-Platform.


Figure C.3 Flow of Deletion of Server Certificates and CA Certificates


  1. Set maintenance mode on the NS Appliance from which the certificate is to be deleted.

    For details on how to configure maintenance mode, refer to "22.1 Switchover of Maintenance Mode" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".

  2. Connect to the NS Appliance, and check if the server certificate to delete is registered.

    Execute the following command:

    admin
    password: Administrator Password
    show cert certificate
    show cert certificate Server Certificate Number chain
    Administrator Password

    Enter the administrator password specified in "2.2.3.3 Network Configuration Information Files", which was created during installation of the NS Appliance.

    Server Certificate Number
    • When performing auto-configuration using user customization mode

      Specify the number of the certificate which is used on the already released L-Platform, as notified by the tenant user or tenant administrator.

    • When performing auto-configuration using simple configuration mode

      Check and specify the number of the certificate corresponding to the "owner information (CN name)" which was provided by the tenant user or tenant administrator, referring to the results of "show cert certificate".


    • When the server certificate is registered, make a note of the number of the CA certificate.

    • When the server certificate is not registered, the operations after this are not necessary.

  3. Delete the server certificate.

    Execute the following command:

    cert zeroize cert all Server Certificate Number
    Server Certificate Number

    Specify the number of the certificate which is used on the already released L-Platform, as notified by the tenant user or tenant administrator.


    After executing the command, respond with "y" to the output reply message.

  4. Check whether the CA certificate corresponding to the deleted server certificate is still needed by another registered server certificate.

    • Check if there are other registered server certificates

      Execute the following command:

      show cert certificate all
      • When no other server certificates are registered, delete the CA certificate.

      • When there are other registered server certificates, check the CA certificates (registration number) corresponding to the registered server certificates.

    • Check the CA certificates corresponding to already registered server certificates

      Execute the following command:

      show cert certificate Server Certificate Number chain
      Server Certificate Number

      Specify the number of the registered server certificate.


      • When none of the registered server certificates has the same CA certificate as the deleted server certificate (the CA certificate number checked in step 2.), delete the CA certificate.

      • When a registered server certificate has the same CA certificate as the deleted server certificate (the CA certificate number checked in step 2.), it is not necessary to delete the CA certificate.

  5. Delete the CA certificate, if it is no longer necessary.

    When the registration number is between 0 and 18, do not delete the CA certificate.
    Execute the following command:

    cert zeroize ca CA Certificate Number
    CA Certificate Number

    Specify the number of the CA certificate confirmed in step 2.


    After executing the command, respond with "y" to the output reply message.

  6. Reflect the deletion of the certificate on the operating NS Appliance.

    Execute the following command:

    configure terminal
    load running-config
    commit
    exit
    exit 

    After executing the command, respond with "y" to the output reply message.

  7. Execute the rcxnetworkservice certctl command.

    rcxnetworkservice crtctl -name name -sync
    name

    Specify the NS appliance device name.


    Execute this command when using simple configuration mode.

    For details on this command, refer to "A.1 rcxnetworkservice".

  8. Release the maintenance mode configured when starting operations.

    For details on how to release maintenance mode, refer to "22.1 Switchover of Maintenance Mode" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".
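
The decision made across steps 2, 4 and 5 (whether the CA certificate may be deleted) can be written down as a small check. This is an added example, not part of the product or its manual. The function name `plan_ca_deletion` and the input mapping are hypothetical, and the certificate numbers are assumed to have been read by the administrator from the "show cert certificate" output before step 3.

```python
# Added example: decision logic of steps 2, 4 and 5 of the procedure above.
# The "show cert" output format is not shown on this page, so the numbers the
# administrator reads from it are passed in as integers (assumption).

# Step 5: registration numbers 0 to 18 (read here as inclusive) are never deleted.
RESERVED_CA_NUMBERS = range(0, 19)


def plan_ca_deletion(deleted_server_cert, chains_before):
    """Decide whether the CA certificate may be deleted in step 5.

    deleted_server_cert: number of the server certificate deleted in step 3.
    chains_before: {server certificate number: CA certificate number}, noted
        from "show cert certificate <number> chain" before step 3 was run.
    Returns (action, ca_number, reason); action is "none", "keep" or "delete".
    """
    if deleted_server_cert not in chains_before:
        # Step 2: nothing is registered, so the later steps are not necessary.
        return ("none", None, "server certificate is not registered (step 2)")

    ca = chains_before[deleted_server_cert]

    # Step 4: other registered server certificates that chain to the same CA.
    users = sorted(n for n, c in chains_before.items()
                   if c == ca and n != deleted_server_cert)
    if users:
        return ("keep", ca, f"still used by server certificate(s) {users} (step 4)")

    # Step 5: the reserved range is kept even when no server certificate uses it.
    if ca in RESERVED_CA_NUMBERS:
        return ("keep", ca, "registration number is between 0 and 18 (step 5)")

    return ("delete", ca, "no registered server certificate uses it (step 4)")


if __name__ == "__main__":
    # Constructed sample: server certificate number -> CA certificate number.
    sample = {1: 20, 2: 20, 3: 21, 4: 5}
    for number in (1, 3, 4, 9):
        print(number, plan_ca_deletion(number, sample))
```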