Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carlos_Almeida
New Contributor II

Delete certificate

Hello everyone, I'm trying to delete a certificate that I misplaced but I don't know how to do it. The delete button is not available on the options, only import, view or Download. I have a certificate that expired yesterday and the point was to replace it for the new one. When I try to reload it, appears the following message: "Certificate file is duplicate for CA/LOCAL/REMOTE/CRL cert.". I'm running the fw 6.4.5 @ 60F units. Thank you

Carlos Almeida
1 Solution
janwee

Did you do:

 

config vpn certificate ca <hit enter>

delete CA_Cert_1 <hit enter>

 

this should remove the cert you marked in your screenshot.

@sw2090 yes, usually I prefer deleting in the gui as well but especially with certs this often times doesn't work although the cert isn't used anywhere.

 

Regards,

 

Jan

View solution in original post

10 REPLIES 10
janwee
New Contributor II

Hey Carlos,

 

when having issues with certificates, I can only highly recommend using the CLI instead of the GUI.

Just go to "config vpn certificate [local / ca / remote]" and issue the delete-command for the given certificate.

 

Regards,

 

Jan

Carlos_Almeida

Hi @janwee.

 

And how it works this command?

Can you please show me an example? Thank you!

 

Recards,

Carlos

Carlos Almeida
janwee

Hi Carlos, 

 

totally depends on what kind of certificate you want to delete (see the square brackets above).

For example you do "config vpn certificate local" and hit Enter for local certificates. Afterwards you can type "delete ?" to see which certificates you have on your device and then replace the questionmark by the cert you want to delete.

 

Best regards,

 

Jan

Carlos_Almeida

Hi Jan and sw2090,

 

Here it is an image of it. as you can see, that certificate is not being used, 0 references. @Jan, I didn't catch it, sorry. :(

 

Through the CLI, is there any procedure that I can do to delete this certificate and then reload it again?

Carlos Almeida
janwee

Did you do:

 

config vpn certificate ca <hit enter>

delete CA_Cert_1 <hit enter>

 

this should remove the cert you marked in your screenshot.

@sw2090 yes, usually I prefer deleting in the gui as well but especially with certs this often times doesn't work although the cert isn't used anywhere.

 

Regards,

 

Jan

Carlos_Almeida

Thank you Jan. :) It worked, but I had to restart the fw as well, now the certificate disappeared, finally!

 

Carlos Almeida
janwee

great to hear, glad I could help :)

Maerre
New Contributor II

Hello,

 

i have the same problem but i don't have access to CLI, is there another way to delete the certificate?

from gui is grayed out

JPG
New Contributor

I can't get it to delete on the CLI. I get the error "Cannot delete a static route" but it's not on the static route list. It's the cert Staat_der_Nederlanden_EV_Root_CA. Any ideas?