Remove a signed CA

Hi everyone,

I’ve signed a certificate request accidentally. How can I remove it from CA list. When I run Icinga2 ca remove it says : Certificate request for CN ‘’ already signed, removal is not possible. I wanted to know if there is any way to revoke or remove a signed CA?

Hello Ehsan and Welcome

From what the docs state once the certificate has been approved, it can not be removed.
You may want to change the NodeName in the host constants.conf and try to resign the new certificate, the one what will be used is the one that will match the definition in the constants.conf file.


1 Like

Hi and thanks for your help Assaf, I looked for it in the docs and I couldn’t fined it, could you please share the link to where it’s mentioned in the documentation. Can I use the same name and resign it with anther CA? On another question, which constans.conf do you mean? on master or client?


The certificate matches the “NodeName” of the client.
The CA domain is taken from the master’s details.


Thanks a lot.


Hello there and welcome to the community!

I’d like to ask you to mark the answer that helped you the most in solving your issue as the solution :slight_smile:
This helps others figure out whether a question still needs an answer and where to look if someone has a similar issue.

Thank you and have a wonderful day!

Hello and thanks,
It is done :slight_smile:

1 Like