Test cases:
----------

1. Find the certs.

[root@pki1 ~]# pki pkcs12-cert-find --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---------------
5 entries found
---------------
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 2d0929b8e6e827b1f7fdf37f915b5a5b0662d42b
  Serial Number: 0x5
  Nickname: auditSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Audit Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,Pu
  Has Key: true

2. Try to remove a cert which doesn't exist.

[root@pki1 ~]# pki pkcs12-cert-del "test" --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
Warning : Certificate Nickname test doesn't exist

3. Make sure all 5 entries exist.

[root@pki1 ~]# pki pkcs12-cert-find --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---------------
5 entries found
---------------
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 2d0929b8e6e827b1f7fdf37f915b5a5b0662d42b
  Serial Number: 0x5
  Nickname: auditSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Audit Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,Pu

4. Remove a valid cert and make sure now 4 entries left.

root@pki1 ~]# pki pkcs12-cert-del "auditSigningCert cert-topology-02-CA CA" --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
-------------------------------------------------------------
Deleted certificate "auditSigningCert cert-topology-02-CA CA"
-------------------------------------------------------------

5. Now check number of certs again. Make sure only one deleted.

[root@pki1 ~]# pki pkcs12-cert-find --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---------------
4 entries found
---------------
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

6. Try to remove an empty cert.

[root@pki1 ~]# pki pkcs12-cert-del --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
Error: Missing certificate nickname.
usage: pkcs12-cert-del [OPTIONS...]
    --debug                   Run in debug mode.
    --help                    Show help options
    --pkcs12-file             PKCS #12 file
    --pkcs12-password         PKCS #12 password
    --pkcs12-password-file    PKCS #12 password file
 -v,--verbose                 Run in verbose mode.
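
The "make sure only one deleted" comparison in steps 3 to 5 can be scripted by parsing two pkcs12-cert-find listings and diffing them. This is an added example, not part of the original test notes or the pki project; the function names are hypothetical and the sample listings are constructed (placeholder certificate IDs, nicknames and trust flags taken from the output above).

```python
import re

def parse_cert_find(text):
    """Parse `pki pkcs12-cert-find` output into (declared_count, records)."""
    m = re.search(r"^\s*(\d+) entries found\s*$", text, re.M)
    declared = int(m.group(1)) if m else None
    records = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue                    # banner, blank line or shell prompt
        if key == "Certificate ID":     # first field of every record
            records.append({})
        if records:
            records[-1][key] = value
    return declared, records

def check_delete(before, after, nickname):
    """Return a list of problems; empty means only `nickname` was removed."""
    problems, seen = [], {}
    for label, text in (("before", before), ("after", after)):
        declared, records = parse_cert_find(text)
        if declared != len(records):
            problems.append(f"{label}: header says {declared}, parsed {len(records)}")
        seen[label] = {r.get("Nickname", ""): r for r in records}
    removed = set(seen["before"]) - set(seen["after"])
    added = set(seen["after"]) - set(seen["before"])
    if removed != {nickname}:
        problems.append(f"removed {sorted(removed)}, expected only {nickname!r}")
    if added:
        problems.append(f"unexpected new entries: {sorted(added)}")
    for nick, rec in seen["after"].items():
        if nick in seen["before"] and rec != seen["before"][nick]:
            problems.append(f"{nick}: fields changed")  # e.g. key or trust flags lost
    return problems

def listing(certs):
    """Constructed sample in the layout shown above; IDs are placeholders."""
    body = "\n\n".join(
        f"  Certificate ID: {i:040x}\n  Nickname: {n}\n  Trust Flags: {t}\n  Has Key: true"
        for i, n, t in certs)
    return f"---------------\n{len(certs)} entries found\n---------------\n{body}\n"

CERTS = [(1, "caSigningCert cert-topology-02-CA CA", "CTu,Cu,Cu"),
         (3, "Server-Cert cert-topology-02-CA", "u,u,u"),
         (5, "auditSigningCert cert-topology-02-CA CA", "u,u,Pu")]
TARGET = "auditSigningCert cert-topology-02-CA CA"
BEFORE, AFTER = listing(CERTS), listing(CERTS[:2])
print(check_delete(BEFORE, AFTER, TARGET) or "exactly one entry removed")
```

Besides the entry count, the check compares every surviving record field by field, so a deletion that also dropped another entry's private key or trust flags is reported.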