12.2. Uninstalling Certificate System Subsystems

It is possible to remove individual subsystem instances or to uninstall all packages associated with an entire subsystem. Instances and subsystems are installed and uninstalled individually. For example, it is possible to uninstall a DRM subsystem while leaving an installed and configured CA subsystem. It is also possible to remove a single CA instance while leaving other CA instances on the machine.

12.2.1. Removing a Subsystem Instance

Removing an instance requires specifying the instance directory and the instance name. This command removes all files associated with the instance (without removing the subsystem packages).
pkiremove -pki_instance_root=pki_instance_root -pki_instance_name=pki_instance_ID -token_pwd=password -force
The pki_instance_root is the directory path of the instance, such as /var/lib/instance_name. The pki_instance_name is the instance name, such as pki-ca. The password is the password used to access the NSS database for the instance being removed. If the password isn't given with the command, then the script assumes that it is in the password.conf file; otherwise, the script prompts for the password.


Use -force with pkiremove to remove the instance without prompting for confirmation.

Example 12.1. Removing a CA Instance

pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca1 -force -token_pwd=secret

PKI instance Deletion Utility ...

PKI instance Deletion Utility cleaning up instance ...

Stopping pki-ca1:
process already stopped

Removing dir /var/lib/pki-ca1
Removing file /var/log/pki-ca1-install.log
Removing file /etc/init.d/pki-ca1
Removing file /usr/share/applications/pki-ca1-config.desktop
Removing file /usr/bin/dtomcat5-pki-ca1

pkiremove removes the instance and any related files, such as the certificate databases, certificates, keys, and associated users. It does not uninstall the subsystem packages.