Remove a signed CA

ehsank777 · April 16, 2020, 11:51am

Hi everyone,

I’ve signed a certificate request accidentally. How can I remove it from CA list. When I run Icinga2 ca remove it says : Certificate request for CN ‘X.X.com’ already signed, removal is not possible. I wanted to know if there is any way to revoke or remove a signed CA?

aflatto · April 16, 2020, 2:24pm

Hello Ehsan and Welcome

From what the docs state once the certificate has been approved, it can not be removed.
You may want to change the NodeName in the host constants.conf and try to resign the new certificate, the one what will be used is the one that will match the definition in the constants.conf file.

Regards

ehsank777 · April 19, 2020, 8:54am

Hi and thanks for your help Assaf, I looked for it in the docs and I couldn’t fined it, could you please share the link to where it’s mentioned in the documentation. Can I use the same name and resign it with anther CA? On another question, which constans.conf do you mean? on master or client?

aflatto · April 21, 2020, 6:42am

Hello

The certificate matches the “NodeName” of the client.
The CA domain is taken from the master’s details.

Regards

ehsank777 · April 21, 2020, 7:10am

Hello
Thanks a lot.

Bests,

theFeu · April 21, 2020, 9:13am

Hello there and welcome to the community!

I’d like to ask you to mark the answer that helped you the most in solving your issue as the solution
This helps others figure out whether a question still needs an answer and where to look if someone has a similar issue.

Thank you and have a wonderful day!
Feu

ehsank777 · April 21, 2020, 9:28am

Hello and thanks,
It is done

wilskywalker · May 2, 2023, 8:54pm

You can also delete requests in the following path:

/var/lib/icinga2/certificate-requests/