Digital Certificates › General Rules › Remove a Certificate from a User

Remove a Certificate from a User

Use the REMOVE command to remove a certificate from a user. Issuing the command also removes any key ring connections.

If the GENREQ command has been issued against a certificate (when creating a certificate based on an original certificate), the original certificate cannot be removed unless you specify the FORCE operand or the new certificate has replaced the original certificate.

You can use the following keywords to identify the digital certificate:

• DIGICERT
• LABLCERT
• Both SERIALNUM and ISSUERDN

To remove a certificate from a user, enter the following command:

TSS REMOVE(acid|CERTAUTH|CERTSITE)	[DIGICERT(eight_byte_name)]
					[LABLCERT(label_name)]
					[SERIALNUM(serial_number)]
					[ISSUERDN(issuer_distinguished_name)]
					FORCE

acid|CERTAUTH|CERTSITE

Provides one of the following functions:

• Specifies the ACID of the user associated with the certificate
• Identifies the certificate as a certificate-authority certificate (CERTAUTH)
• Identifies the certificate as a site certificate (CERTSITE)

DIGICERT

Specifies a name to identify the digital certificate.

LABLCERT

Specifies a label associated with the certificate.

SERIALNUM

Specifies the serial number of the certificate.

ISSUERDN

Specifies the certification authority's distinguished name as extracted from the certificate.

FORCE

Forces the removal of the certificate from the user when the certificate has been GENREQ’d. This action should be done only in the following situations:

• You specified GENREQ when REKEY was intended.
• You specified REKEY when GENREQ was intended.

Example: Remove a Certificate

This example removes a certificate:

TSS REMOVE(USER01) DIGICERT(DIGI0001)