Removing PKI Server Manually - dogtagpki/pki GitHub Wiki

Overview

This page describes the process to remove a PKI server instance manually.

Use this procedure only when pkidestroy cannot remove the instance completely. The commands below assume the default instance name pki-tomcat; substitute the actual instance name. Everything removed here (logs, NSS databases, the DS backend) is gone for good, so back up anything you may still need, for example the logs explaining why pkidestroy failed, before deleting it.

Killing Server Process

Stop the instance through systemd first if that still works. If the Tomcat process is still running afterwards, kill it directly (the command prints a usage error if no matching process is found, which is harmless):

$ kill -9 `ps -ef | grep catalina.base=/var/lib/pki/pki-tomcat | grep -v grep | awk '{print $2}'`

Removing Instance Files

$ rm -rf /etc/pki/pki-tomcat
$ rm -rf /var/lib/pki/pki-tomcat

Removing Sysconfig Files

$ rm -rf /etc/sysconfig/pki-tomcat
$ rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat

Removing Installation Logs

The first command removes the instance's own logs. Note that the second pattern matches the pkispawn and pkidestroy logs of every instance on the host, not only pki-tomcat; keep them if other instances are still in use or if you need them to diagnose the failed pkidestroy run.

$ rm -rf /var/log/pki/pki-tomcat
$ rm -rf /var/log/pki/pki-*.log

Removing Admin NSS Database

The admin NSS database holds the administrator certificate and its private key. It lives under the home directory of the user who ran pkispawn (normally root), so run this command as that user:

$ rm -rf $HOME/.dogtag/pki-tomcat

Removing Custom User Configuration

$ rm -rf /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/user.conf

Removing SELinux Contexts

Remove the file context rules pkispawn registered for the instance. If a rule was never registered, semanage reports that the context is not defined; that error can be ignored.

$ semanage fcontext -d "/etc/pki/pki-tomcat(/.*)?"
$ semanage fcontext -d "/etc/pki/pki-tomcat/alias(/.*)?"
$ semanage fcontext -d "/var/lib/pki/pki-tomcat(/.*)?"
$ semanage fcontext -d "/var/log/pki/pki-tomcat(/.*)?"

Removing DS Database

The entries below are for a CA whose internal database uses the suffix dc=ca,dc=pki,dc=example,dc=com and the backend named ca; adjust both to match the instance. In the mapping tree entry the suffix appears as the RDN value with '=' and ',' hex-escaped (\3D and \2C). Delete the mapping tree entry first, then the backend entry together with its child entries (-r), which also removes the database files.

Secret.123 is a placeholder for the Directory Manager password. Passing the password with -w puts it in the process list and the shell history; on a shared host prefer -W to be prompted for it, or -y with a password file readable only by you.

To remove the mapping entry, execute the following command:

$ ldapdelete -x -D "cn=Directory Manager" -w Secret.123 << EOF
cn=dc\3Dca\2Cdc\3Dpki\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
EOF

To remove the backend entry, execute the following command:

$ ldapdelete -x -D "cn=Directory Manager" -w Secret.123 -r << EOF
cn=ca,cn=ldbm database,cn=plugins,cn=config
EOF
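The steps above, collected into one script as an added example. This is not code from the wiki page or tooling from the dogtagpki/pki project; it takes the instance name, the DS suffix and the backend name as parameters instead of hard-coding pki-tomcat and the CA values, reads the Directory Manager password from a file with ldapdelete -y instead of passing it with -w, and tries systemctl stop before falling back to SIGKILL. The systemd unit name pki-tomcatd@<instance>.service, the pgrep/pkill matching and the DRY_RUN switch are my assumptions; the escaping of the mapping tree DN follows the DN shown on this page.

```shell
#!/bin/sh
# Added example (not from the dogtagpki/pki project): manual cleanup of a
# PKI server instance, parameterized by instance name and DS suffix.
# Assumptions not taken from the page: the systemd unit is
# pki-tomcatd@<instance>.service, the DS password is read from a file
# (ldapdelete -y), and DRY_RUN=1 (the default) only prints the commands.
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '[dry-run] %s\n' "$*"
    else
        "$@"
    fi
}

# Filesystem locations pkispawn creates for an instance, one per line.
instance_paths() {
    inst="$1"
    printf '%s\n' \
        "/etc/pki/$inst" \
        "/var/lib/pki/$inst" \
        "/etc/sysconfig/$inst" \
        "/etc/sysconfig/pki/tomcat/$inst" \
        "/var/log/pki/$inst" \
        "${HOME:-/root}/.dogtag/$inst" \
        "/etc/systemd/system/pki-tomcatd@$inst.service.d/user.conf"
}

# SELinux file-context patterns registered for an instance, one per line.
instance_fcontexts() {
    inst="$1"
    printf '%s\n' \
        "/etc/pki/$inst(/.*)?" \
        "/etc/pki/$inst/alias(/.*)?" \
        "/var/lib/pki/$inst(/.*)?" \
        "/var/log/pki/$inst(/.*)?"
}

# 389 DS names the mapping tree entry after the suffix, with '=' and ','
# hex-escaped in the RDN value: dc=ca,dc=pki,dc=example,dc=com becomes
# cn=dc\3Dca\2Cdc\3Dpki\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
mapping_tree_dn() {
    escaped=$(printf '%s' "$1" | sed -e 's/=/\\3D/g' -e 's/,/\\2C/g')
    printf 'cn=%s,cn=mapping tree,cn=config\n' "$escaped"
}

backend_dn() {
    printf 'cn=%s,cn=ldbm database,cn=plugins,cn=config\n' "$1"
}

# Stop the server via systemd first; SIGKILL only if it is still running.
stop_instance() {
    inst="$1"
    run systemctl stop "pki-tomcatd@$inst.service" || true
    if pgrep -f "catalina.base=/var/lib/pki/$inst" >/dev/null 2>&1; then
        run pkill -9 -f "catalina.base=/var/lib/pki/$inst"
    fi
}

# Remove the instance's files and its SELinux context rules. The shared
# /var/log/pki/pki-*.log spawn/destroy logs are deliberately left alone.
remove_instance() {
    inst="$1"
    stop_instance "$inst"
    instance_paths "$inst" | while IFS= read -r p; do
        run rm -rf "$p"
    done
    instance_fcontexts "$inst" | while IFS= read -r f; do
        run semanage fcontext -d "$f" || true   # "not defined" is harmless
    done
}

# Remove the DS backend: mapping tree entry first, then the backend entry
# and its children (-r). The bind password comes from a mode-0600 file.
remove_ds_backend() {
    suffix="$1"; backend="$2"; pwfile="$3"
    run ldapdelete -x -D "cn=Directory Manager" -y "$pwfile" \
        "$(mapping_tree_dn "$suffix")"
    run ldapdelete -x -D "cn=Directory Manager" -y "$pwfile" -r \
        "$(backend_dn "$backend")"
}

# Usage (set DRY_RUN=0 to actually execute):
#   remove_instance pki-tomcat
#   remove_ds_backend dc=ca,dc=pki,dc=example,dc=com ca /root/dm-password.txt
```

Run it with DRY_RUN=1 first and compare the printed commands against the instance you intend to remove; the rm -rf and ldapdelete -r steps cannot be undone.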

Removing Certificates and Keys in HSM

Please refer to the HSM manual to remove the certificates and keys created by the subsystem.
