Description |
This article explains how to delete a local certificate despite receiving the error 'Can't delete this certificate. It's currently being used.' on a certificate that is not being used. |
Scope | FortiGate, all firmware. |
Solution |
Sometimes, a local certificate can't be deleted. Even after removing all references, it gives the following error:
Entry is used. Command_cli_delete:6740 delete table entry fgnw unset oper error ret=-23.
Upon attempting to delete the certificate through the CLI, the following error appears:
Can't delete this certificate. It's currently being used.
To find out where the certificate is being used on the FortiGate, run the following commands in the CLI:
# config system global
(global) # get | grep fgnw
admin-server-cert : fgnw
(global) # end
In this instance, the certificate is being used as an 'admin server certificate'. This information can be found in the GUI in System -> Settings under the Administration Settings section.
Check the value of the 'HTTPS server certificate' field:
Change the certificate here. After that, it will be possible to delete the local certificate.
Optionally, download the configuration file and run a search for 'certificate_name' to find where the certificate is being used in the configuration. |
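The configuration-file search from the last step, as an added example that is not Fortinet's code: this Python script walks a downloaded backup and reports the config block and option of every 'set' line whose value is exactly the certificate name. The sample configuration is constructed, and find_references is a hypothetical helper name.

```python
import shlex

# Constructed sample in FortiGate backup syntax (not taken from a real device).
SAMPLE_CONFIG = '''\
config system global
    set admin-server-cert "fgnw"
    set hostname "lab-fw"
end
config vpn certificate local
    edit "fgnw"
        set comments "lab cert"
    next
end
config vpn ssl settings
    set servercert "fgnw"
end
config user setting
    set auth-cert "fgnw-old"
end
'''

def _tokens(line):
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. first line of a multi-line PEM value
        return line.split()

def find_references(config_text, cert_name):
    """Return (line_no, config_path, option) for each 'set' that uses cert_name."""
    stack, hits = [], []
    for no, raw in enumerate(config_text.splitlines(), 1):
        tok = _tokens(raw.strip())
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok))
        elif tok[0] == "edit":
            stack.append("edit " + " ".join(tok[1:]))
        elif tok[0] in ("end", "next") and stack:
            stack.pop()  # 'next' closes an edit, 'end' closes a config block
        elif tok[0] == "set" and cert_name in tok[2:]:
            # Exact token match, so "fgnw-old" is not reported for "fgnw".
            hits.append((no, " > ".join(stack), tok[1]))
    return hits

if __name__ == "__main__":
    for no, path, option in find_references(SAMPLE_CONFIG, "fgnw"):
        print(f"line {no}: {path} -> {option}")
```

The certificate's own 'edit' entry under 'config vpn certificate local' is not reported, because only 'set' lines count as references.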