Deleting Certificates
If you are using CA-signed certificates for encryption, it is best practice to delete the unused default certificates from the keystore and the truststore. You can delete certificates from a keystore using the keytool command.
The following example deletes the openidm-localhost certificate from the keystore:
keytool \
-delete \
-alias openidm-localhost \
-keystore /path/to/openidm/security/keystore.jceks \
-storetype JCEKS \
-storepass changeit
The following example deletes the openidm-localhost certificate from the truststore:
keytool \
-delete \
-alias openidm-localhost \
-keystore /path/to/openidm/security/truststore \
-storepass changeit
You can use similar commands to delete custom certificates from the keystore and truststore, specifying the certificate alias in the request.
Repeat these steps to delete all the default certificate aliases that you are not using in your deployment.
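The following added example (not part of the product documentation) shows one way to work out which aliases to delete before repeating the steps above. It parses a `keytool -list` listing, compares it against the aliases you want to keep, and prints the delete commands for review without running them. The sample listing is constructed, and `my-ca-signed-cert` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dry run only. It prints delete commands; it never runs keytool.
# Assumption: non-verbose `keytool -list` prints "<alias>, <date>, <EntryType>,"
# for each entry, followed by a fingerprint line.

KEYSTORE=/path/to/openidm/security/keystore.jceks   # path used on this page

# Constructed sample listing; my-ca-signed-cert is a hypothetical custom alias.
sample_listing() {
cat <<'EOF'
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

openidm-localhost, Jan 1, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (constructed, elided)
my-ca-signed-cert, Jan 2, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (constructed, elided)
EOF
}

# Read a listing on stdin and print one alias per line.
list_aliases() {
  awk '/, (PrivateKeyEntry|SecretKeyEntry|trustedCertEntry), *$/ {
         sub(/, .*/, ""); print }'
}

# Print the aliases in the listing (stdin) that are not in the keep list ("$@").
unused_aliases() {
  list_aliases | while IFS= read -r name; do
    keep=no
    for k in "$@"; do
      if [ "$name" = "$k" ]; then keep=yes; fi
    done
    if [ "$keep" = no ]; then printf '%s\n' "$name"; fi
  done
}

# Print one delete command per unused alias. -storepass is left out so that
# keytool prompts for the password instead of taking it on the command line.
delete_commands() {
  unused_aliases "$@" | while IFS= read -r name; do
    printf "keytool -delete -alias '%s' -keystore '%s' -storetype JCEKS\n" \
      "$name" "$KEYSTORE"
  done
}

sample_listing | delete_commands my-ca-signed-cert
```

Against a real keystore, pipe the output of `keytool -list` for that keystore into `delete_commands` in place of `sample_listing`, and take a copy of the keystore file before running any of the printed commands.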