Unable to renew or delete server-chain certificate due to corresponding server certificate

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 210

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: CORE

Last Updated:

Applies to

ONTAP 9
Certificates

Issue

Deleting a server-chain certificate fails:

cluster1::> certificate delete -vserver svm_name -type server-chain -serial ABCDEFABCDEF -cert-name XXXXXXXXX -common-name www.example.com -ca www.example.com

Error: command failed: Cannot delete server-chain certificate. Reason: There is a corresponding server certificate for it.

There are a server and server-chain certificate with identical serial numbers:

cluster1::> security certificate show -vserver svm_name

Vserver Serial Number Common Name Type

---------- --------------- ----------------------------------------- ---------

svm_name ABCDEFABCDEF www.example.com server

Certificate Authority: www.example.com

Expiration Date: Mon Jan 01 01:00:00 2024

svm_name ABCDEFABCDEF www.example.com server-chain

Certificate Authority: www.example.com

Expiration Date: Mon Jan 01 01:00:00 2024