"set cert delete" command deleting the wrong cert

Troy Jones
Level 1

We have a scenario where we are trying to automate Tomcat cert deletions. The issue is that even though, in the GUI, the certs have names spelled differently (one is capitalized, one is not, but spelled the same), the "set cert delete tomcat-trust name" deletes both.

example:

cert names

testcert.pem

TESTCERT.pem

Since we are trying to automate this, having TAC use root access to delete in reference to the PKID doesn't help. Any other ideas?

2 Replies

Troy Jones
Level 1

Anything?

Hi Troy,

Here's a suggestion off the top of my head:  

1) SSH to CUCM server with admin credentials

2) Perform "show cert trust" and store the output which contains the same string as the cert you're deleting (case-insensitive), excluding the specific cert you wanted to delete. For example, if you want to delete Aaaaa.pem, and the list shows: AAAAA.pem, Aaaaa.pem, AaaAa.pem, then store the first and third string. This is so you can retain them and delete only Aaaaa.pem.

3) Export tomcat-trust certs to your sftp server (set cert bulk export tomcat-trust).

4) Delete the cert(s), and import the other certs you want to retain from the SFTP server. For example, you deleted all three certs, and now you'll import the first and third cert from the previous example.

5) Make sure to restart the tomcat server via CLI.

6) Delete the certs from the SFTP server. 

All this can be accomplished with a simple SSH script.

The thing is that I'm unsure what happens if you export multiple files with different spellings to your SFTP server if the OS which hosts the server isn't case-sensitive (such as Windows). In fact, this solution is irrelevant in that scenario unless you program something. But for a Linux-based SFTP server, it should do the job.
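
An added sketch of step 2 and of the case-sensitivity caveat in the reply above (example code, not from either poster or from Cisco): given cert names already pulled out of the trust listing, it works out which siblings a case-insensitive delete would also remove and refuses the export/re-import workaround when the export directory folds case. All function names are hypothetical, the name list is constructed from the reply's example, parsing of the CLI output is not shown, and the directory probe is assumed to run on the SFTP host itself.

```python
import os
import tempfile


def plan_delete(trust_names, target):
    """Names lost with `target` when the delete matches case-insensitively."""
    if target not in trust_names:
        raise ValueError(f"{target!r} is not in the trust list")
    key = target.casefold()
    collateral = [n for n in trust_names if n.casefold() == key and n != target]
    return {"delete": target, "reimport": collateral}


def export_collisions(trust_names):
    """Groups of names that would share one file on a case-insensitive disk."""
    groups = {}
    for name in trust_names:
        groups.setdefault(name.casefold(), []).append(name)
    return [g for g in groups.values() if len(g) > 1]


def dir_is_case_sensitive(path):
    """Probe `path`: create a lower-case file, then look for it in upper case."""
    with tempfile.NamedTemporaryFile(prefix="casechk_", dir=path) as probe:
        head, tail = os.path.split(probe.name)
        return not os.path.exists(os.path.join(head, tail.upper()))


def check_plan(trust_names, target, export_dir):
    """Refuse the export/re-import workaround if the export would lose files."""
    plan = plan_delete(trust_names, target)
    if plan["reimport"] and not dir_is_case_sensitive(export_dir):
        raise RuntimeError("export directory folds case; siblings would overwrite")
    return plan


if __name__ == "__main__":
    # Constructed list, taken from the example names in the reply above.
    names = ["AAAAA.pem", "Aaaaa.pem", "AaaAa.pem", "other.pem"]
    with tempfile.TemporaryDirectory() as export_dir:
        print(check_plan(names, "Aaaaa.pem", export_dir))
    print(export_collisions(names))
```

Verifying after the re-import that every name in `reimport` is back in the trust list closes the loop before the exported copies are deleted from the SFTP server.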