Removing PKI Server Manually
Endi S. Dewata edited this page Jan 20, 2023 · 4 revisions
This page describes the process to remove a PKI server instance manually.
This process should only be used if pkidestroy cannot remove the instance completely.
$ kill -9 `ps -ef | grep catalina.base=/var/lib/pki/pki-tomcat | grep -v grep | awk '{print $2}'`
$ rm -rf /etc/pki/pki-tomcat
$ rm -rf /var/lib/pki/pki-tomcat
$ rm -rf /etc/sysconfig/pki-tomcat
$ rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
$ rm -rf /var/log/pki/pki-tomcat
$ rm -rf /var/log/pki/pki-*.log
$ rm -rf $HOME/.dogtag/pki-tomcat
$ rm -rf /etc/systemd/system/[email protected]/user.conf
$ semanage fcontext -d "/etc/pki/pki-tomcat(/.*)?"
$ semanage fcontext -d "/etc/pki/pki-tomcat/alias(/.*)?"
$ semanage fcontext -d "/var/lib/pki/pki-tomcat(/.*)?"
$ semanage fcontext -d "/var/log/pki/pki-tomcat(/.*)?"
To remove the mapping entry, execute the following command:
$ ldapdelete -x -D "cn=Directory Manager" -w Secret.123 << EOF
cn=dc\3Dca\2Cdc\3Dpki\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
EOF
To remove the backend entry, execute the following command:
$ ldapdelete -x -D "cn=Directory Manager" -w Secret.123 -r << EOF
cn=ca,cn=ldbm database,cn=plugins,cn=config
EOF
Please refer to the HSM manual to remove the certificates and keys created by the subsystem.
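After the removal steps above, it is worth confirming that nothing is left behind before a new instance is created under the same name. The following is an added example, not part of the original page or the Dogtag PKI project: the function names and the ROOT prefix argument are hypothetical, and the systemd drop-in file is not checked.

```shell
#!/bin/sh
# Added example: report what is left of a PKI instance after manual removal.
# ROOT is a hypothetical prefix ("/" for the live system) so the same check
# can be pointed at a mounted disk image or a scratch tree.

# Print each path from the removal steps that still exists; return 1 if any.
pki_leftover_paths() {
    root=${1%/} name=$2 found=0
    for p in \
        "$root/etc/pki/$name" \
        "$root/var/lib/pki/$name" \
        "$root/etc/sysconfig/$name" \
        "$root/etc/sysconfig/pki/tomcat/$name" \
        "$root/var/log/pki/$name" \
        "$root$HOME/.dogtag/$name" \
        "$root"/var/log/pki/pki-*.log
    do
        # An unmatched glob stays literal, so test each word for existence
        # (-e), or for a dangling symlink (-L), before reporting it.
        if [ -e "$p" ] || [ -L "$p" ]; then
            echo "$p"
            found=1
        fi
    done
    return $found
}

# Print PIDs of a Tomcat JVM still running for this instance (empty = none).
pki_leftover_pids() {
    command -v pgrep >/dev/null 2>&1 || return 0
    pgrep -f "catalina.base=/var/lib/pki/$1( |\$)" || true
}

# Print local SELinux file-context rules that still mention the instance.
# The fixed-string match also reports longer names sharing this prefix.
pki_leftover_fcontexts() {
    command -v semanage >/dev/null 2>&1 || return 0
    semanage fcontext -l -C | grep -F "/pki/$1" || true
}

# Usage (as root):
#   pki_leftover_paths / pki-tomcat || echo "files remain"
#   pki_leftover_pids pki-tomcat
#   pki_leftover_fcontexts pki-tomcat
```

Empty output from all three functions means the file, process and SELinux steps completed; the LDAP entries and HSM objects still have to be checked separately.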