How to successfully delete an expired SSL cert from the SG.

Article ID: 166502

Products

ProxySG Software - SGOS

Issue/Introduction

When I try to delete an expired certificate from the SG I get an error message that the cert is in use, even though I have disassociated the keyring from all policies and services. I even searched the sysinfo to see if I missed any other services.

Resolution

To successfully delete an expired SSL certificate from the SG GUI, you must first:

  1. Disassociate all components and policies that are tied to the keyring (where applicable).

  • HTTPS reverse proxy service
  • HTTPS management service
  • OCSP responder(s) (SGOS 5.x and later)
  • SSL client
  • Configuration setting for SSL Intercept issuer-keyring
  • SSL-Intercept layer policy
  • SSL device profile(s)

  2. Reboot the SG.

To delete the certificate using the Management Console:

  1. Select Configuration>SSL>Keyrings>SSL Keyrings
  2. Highlight the name of the keyring containing the certificate you want to delete
  3. Click Edit 
  4. Click Delete in the Certificate section
  5. The Confirm delete dialog appears
  6. Click OK in the Confirm delete dialog box
  7. Click Close in the Edit Keyring dialog box
  8. Click Apply and OK

To delete the entire keyring:

  1. Select Configuration>SSL>Keyrings>SSL Keyrings
  2. Highlight the name of the keyring that you want to delete
  3. Click Delete
  4. The Confirm delete dialog appears
  5. Click OK in the Confirm delete dialog box
  6. Click Apply and OK