Removing TLS certificates from MC

In some cases, it may be appropriate to disable TLS for a database in MC.

In some cases, it may be appropriate to disable TLS for a database in MC. Disabling TLS for the database disassociates all the certificates configured for that database. For more information, see Enabling or disabling TLS for a database in MC.

Disassociating a certificate from a database in MC

Before you can remove a certificate from MC, you must be sure the certificate is not associated with (being used by) any databases. The MC administrator can disassociate a certificate from a database in MC using either of these methods:

Configuring a new certificate on the database in MC

When you configure a new certificate to serve a specific purpose on a database in MC, the new certificate replaces the old certificate. The newly configured certificate is now associated with the database, and the old certificate is no longer associated and can be removed.

Navigate to Databases and Clusters > DbName > Database Settings > Configure TLS.

For details, see Configuring TLS for a monitored database in MC

Removing the TLS configuration on the database

You can remove one or more TLS certificates from the MC, provided the certificates are not associated with a database. To remove a certificate:

From the MC home page, navigate to MC Settings > SSL/TLS Certificates.
In the Manage TLS Certificates for Database Connection section, locate the row or rows for one or more CA or client certificates you want to remove. This example shows only the CA Certificates pane:
If the Database associated field is empty for that certificate, you can click to select the certificate for removal, and click Remove Selected. In the illustration above, CA_cert_02 and CA_cert_01 are selected for removal.

Note

If you remove one client certificate that is part of a certificate chain, MC removes the entire certificate chain.