Link Search Menu Expand Document

Restoring Deleted CAs

If a Certificate Issuer is inadvertently deleted, you can re-create by simply specifying the same options as before e.g. for a Microsoft CA you would just need to create a new issuer with the same CA config and template configuration

However, if a Local CA is deleted - this will also delete the CA keys meaning that even if you re-created a Local CA with the same details as before, it would still result in a new (different) certificate generated using new keys

To protect against this Certdog retains deleted Local CAs, Key Stores and Certificate Issuers for a specified amount of time

This retention period is defined in the file which resides in the installation folder here: [Certdog installation]\config

In this file there is the following setting:

# Deleted items will be permanently removed after this many days

If you need to adjust this value, change the number of days and then restart the Certdog services

Restoring Deleted Items

If a Local CA, Key Store or Certificate Issuer have been accidentally deleted, they can be restored using the REST API or PowerShell scripts


For an example of calling the REST API check here

To obtain a list of the deleted Local CAs, login to obtain a JWT token then call:

GET [Base URL]/api/admin/localca/deleted



This returns a list of all deleted items (that have not yet been purged). Locate the item to be restored and note its ID

To restore that item, call:

POST [BASE URL]/api/admin/localca/restore/{id}

Where ID is the ID of the item to be restored e.g.


Perform similar operations to obtain and restore deleted Key Stores:

GET [Base URL]/api/admin/keystores/deleted
POST [BASE URL]/api/admin/keystores/restore/{id}

And certificate issuers:

GET [Base URL]/api/admin/ca/deleted
POST [BASE URL]/api/admin/ca/restore/{id}


Open a PowerShell window as Administrator, navigate to

[Certdog Install\bin]

Import the PowerShell Module:

Import-Module .\certdog-module.ps1



You will be prompted for username and password. These must be the credentials of a certdog administrator

To obtain deleted Local CAs run:


Locate the ID of the item to be restored and call:

Restore-DeletedLocalCA -id [Item ID]


Restore-DeletedLocalCA -id 60f07d2f40eb186c96aed6b3

Similarly for Key Stores:

Restore-DeletedKeyStore -id 6182e2240e70e9747d622d86

and Certificate Issuers:

Restore-DeletedCertIssuer -id 6182e1020e70e9747d622d52

To Force Delete

If you do not want to retain any material associated with a deleted Key Store or Local CA either set the property in to zero:


Note: If you then accidentally delete a Local CA - you will not be able to recover it

Or use the REST API to force delete the item. In this case use the regular delete calls but append /force to the end of the URL. For example, to force delete a Local CA call:

DELETE [Base URL]/api/admin/localca/{local ca id}/force



Similarly for Key Stores

DELETE [Base URL]/api/admin/keystores/{key store id}/force

And Certificate Issuers

DELETE [Base URL]/api/admin/ca/{cert issuer id}/force