Deleting Certificates

If you are using CA-signed certificates for encryption, it is best practice to delete the unused default certificates from the keystore and the truststore. You can delete certificates from a keystore using the keytool command.

The following example deletes the openidm-localhost certificate from the keystore:

keytool \
-delete \
-alias openidm-localhost \
-keystore /path/to/openidm/security/keystore.jceks \
-storetype JCEKS \
-storepass changeit

The following example deletes the openidm-localhost certificate from the truststore:

keytool \
-delete \
-alias openidm-localhost \
-keystore /path/to/openidm/security/truststore \
-storepass changeit

You can use similar commands to delete custom certificates from the keystore and truststore, specifying the certificate alias in the request.

Repeat these steps to delete all the default certificate aliases that you are not using in your deployment.
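
One way to work through the remaining aliases, as an added example that is not ForgeRock's own code: it extracts the certificate aliases from keytool -list output, drops the ones still in use, and deletes the rest after backing up the store. The function names, the keep list, and every alias other than openidm-localhost are assumptions, and the listing inside sample_list is constructed.

```shell
#!/bin/sh
# Added example, not ForgeRock code. Function names, the keep list and all
# aliases except openidm-localhost are assumptions for illustration.

# Constructed `keytool -list` output (English locale) used as sample input.
sample_list() {
cat <<'EOF'
Keystore type: JCEKS

Your keystore contains 4 entries

openidm-localhost, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22 (constructed)
my-ca-signed, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 33:44:55 (constructed)
example-secret, Jan 1, 2024, SecretKeyEntry,
old-root-ca, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 66:77:88 (constructed)
EOF
}

# Print aliases of certificate-bearing entries only; SecretKeyEntry lines are
# skipped so symmetric keys are never offered for deletion.
cert_aliases() {
  sed -n -E 's/^([^,]+), .*, (PrivateKeyEntry|trustedCertEntry),[[:space:]]*$/\1/p'
}

# Filter stdin: drop every alias named in the space-separated keep list ($1).
unused_aliases() {
  keep=" $1 "
  while IFS= read -r name; do
    case "$keep" in
      *" $name "*) ;;                      # in use: keep
      *) printf '%s\n' "$name" ;;          # candidate for deletion
    esac
  done
}

# Back up the store, then delete each alias read from stdin.
# Usage: delete_aliases <store> [storetype], with STOREPASS exported;
# -storepass:env keeps the password out of the process list.
delete_aliases() {
  cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)" || return 1
  while IFS= read -r name; do
    keytool -delete -alias "$name" -keystore "$1" ${2:+-storetype "$2"} \
      -storepass:env STOREPASS </dev/null || return 1
  done
}

# Review the plan first:  sample_list | cert_aliases | unused_aliases "my-ca-signed"
```

In a real run, replace sample_list with keytool -list against the keystore or truststore, review the printed aliases, and only then pipe them to delete_aliases.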
