This article describes how to remove personally identifiable information about a person from certificates produced by Nexus Certificate Manager (CM). For example, this could be used as part of a GDPR request (EU General Data Protection Regulation) when a person who no longer has a relation to the Certificate Authority (CA) wants to have their personal data erased at the CA.

This task is done in the Certificate Controller (CC) in Certificate Manager (CM).

Prerequisites

This task requires that:

  • The Certificate Controller (CC) is running.
  • The officer has the following role:
    • Manage user data retention

  • Enough information is known to identify the user.

  • There must be no certificates for the user's subject that are bound to an officer, that are still active or revoked as 'On hold'. All X.509 certificates bound to the user must be either revoked or expired. This requirement does not apply to certificates of a type other than X.509, for example, PGP and CVC, as they can be removed at any given time.

Step-by-step instruction

 Remove identifiable information
  1. To locate the user's certificate, enter the search criteria in the CC application window in the Search pane and click Search. The matching certificate(s) will appear in the upper half of the result pane.

  2. Open the Action drop-down list and select the Remove Subject operation.

  3. Select certificates in the upper half of the result pane. (Press the Ctrl key on the keyboard to make multiple selections.)

  4. Click Add to move the certificate(s) to the lower half of the result pane.
  5. Click Submit.

  6. Enter your PIN code in Signature PIN.
  7. Click OK.
 Results
  • The effect of performing the task is that the subject data will be overwritten with empty values and "-- REMOVED --".
  • Already issued certificates will not be changed or removed, since they may still be required for the CA to fulfil its operational obligations.
  • After performing this task, searching for the subject data will no longer show the related certificates.
  • Keep in mind that one user can have several subjects, for example when a user has changed department.
  • If CM is running in multi-tenant mode with multiple configured domains, keep in mind that the user may have certificates in more than one domain with the same subject. In that case, all the user's certificates in all domains must be either revoked or expired before the subject can be removed.