Revoking and Deleting a DKIM Key
This page describes how to revoke and delete a DKIM key that’s no longer in use. If you found this page because you were searching for information on how to replace a DKIM key, then you should review the Replacing DKIM Keys page before proceeding.
Web Browser DKIM Configuration
If your DKIM keys were created in GreenArrow’s web interface (most are), then they will also need to be deleted in the web interface:
- Log in to GreenArrow Engine’s web interface.
- Navigate to Configure => DKIM Keys.
- Locate the DKIM key that you wish to revoke, and click the View link.
- Delete the public key DNS record that is listed on the page. The screenshot’s public key will differ from the public key that corresponds to your DKIM key.
- Click on the Delete button that appears towards the bottom of the page.
- Click on the confirmation prompt’s Delete button.
Command Line DKIM Configuration
If your DKIM keys were created on the command line, then they will also need to be revoked on the command line:
- To revoke a DKIM key, you’ll need to delete its public key in DNS. Two examples are provided below:
  - To display the DNS record that will need to be deleted for example.com’s default selector, run the command below:
      /var/hvmail/bin/dkeasy_show_dns_record.legacy example.com
  - To display the DNS record that will need to be deleted for example.com’s greenarrow selector, run the command below:
      /var/hvmail/bin/dkeasy_show_dns_record.legacy example.com greenarrow
- The next step is to delete the private key that’s used to digitally sign messages. Make sure you’re deleting the appropriate file during this step. Two examples are provided below:
  - To delete the private key for example.com, using the default selector, run the command below:
      rm /var/hvmail/control/domainkeys/example.com/default
  - To delete the private key for example.com, using the greenarrow selector, run the command below:
      rm /var/hvmail/control/domainkeys/example.com/greenarrow
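A check for the two command-line steps above, as an added example that is not GreenArrow’s own tooling: it classifies the TXT answer for a selector (no record, or an empty p= tag, which RFC 6376 defines as a revoked key) and confirms that the private key file is gone. The function names are hypothetical, and the private key path pattern is an assumption taken from the two example paths on this page.

```shell
#!/bin/sh
# Added example (not GreenArrow code): verify that a DKIM key is fully revoked.

# DNS name where a selector's public key is published (RFC 6376).
# $1 = domain, $2 = selector (defaults to "default")
dkim_query_name() {
    printf '%s._domainkey.%s\n' "${2:-default}" "$1"
}

# Classify TXT answer text, e.g. the output of `dig +short TXT <name>`:
#   absent  = no DKIM key record, revoked = empty p= tag, active = key data present
dkim_record_state() {
    state=absent
    while IFS= read -r line; do
        # Join split "chunk" "chunk" strings; drop quotes, whitespace and the
        # backslashes some tools print before ';'.
        flat=$(printf '%s' "$line" | tr -d '"\\ \t\r')
        case ";$flat;" in
            *";p=;"*) [ "$state" = active ] || state=revoked ;;
            *";p="?*) state=active ;;
        esac
    done <<EOF
$1
EOF
    echo "$state"
}

# Report whether both steps are done. $1 = TXT answer text, $2 = private key path
dkim_revocation_status() {
    dns=$(dkim_record_state "$1")
    if [ "$dns" = active ]; then
        echo "incomplete: public key still published"
    elif [ -e "$2" ]; then
        echo "incomplete: private key file still present"
    else
        echo "complete ($dns)"
    fi
}

# Live check when run as: sh check_dkim_revoked.sh example.com greenarrow
if [ "$#" -ge 1 ]; then
    sel=${2:-default}
    # Assumed path layout: /var/hvmail/control/domainkeys/<domain>/<selector>
    dkim_revocation_status "$(dig +short TXT "$(dkim_query_name "$1" "$sel")")" \
        "/var/hvmail/control/domainkeys/$1/$sel"
fi
```

A resolver can keep serving the deleted record until its TTL expires, so an "active" result immediately after the DNS change may only reflect caching.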