Unable to Delete Client Certificate

I created client certificates to enable mTLS between CF and my client.

However, I am unable to delete certificates through the GUI as pointed out by these posts:

I tried to delete the certificate through the API, but can’t list existing certificates to obtain the ID which is required by the DELETE endpoint.

I submitted a CF support request, but only get automated responses.

Thank you very much.

Why can’t you? The List API call isn’t working for you?

I am talking about client certificates:

GUI: Zone → SSL/TLS → Client Certificates

It is not about Access Client Certificate (did not enable Access at all) or mTLS certificates for Authenticated Origin Pull. It is about the certificates deployed to the client to authenticate the client to the Cloudflare network.

I really spent some time digging through the API and trying each and every example with client/certificate/mTLS in it. If I missed something I would be very glad if you can give me a hint to the correct API.

Thank you very much for your time.

I observed the API calls during client certificate creation. It seems that the required endpoint is this:

GET /client/v4/zones/:zoneid/client_certificates
GET /client/v4/zones/:zoneid/client_certificates/:cert-sn

I can get a list of active client certificates and also access one specific cert. There is also a DELETE endpoint. However, using the DELETE endpoint only revokes the client certificate, which can also be achieved by using the GUI button. When triggering the DELETE endpoint twice for the same certificate id, it returns a message stating that the cert is already “deleted”, which is clearly not the case.

Moreover, I did not find anything regarding this specific endpoint in the API documentation.

@sdayman are you aware of this? It seems that client certificates can’t be deleted, at least not by end-users. Correct?

Thanks for your time.
