gcloud privateca roots disable

NAME
gcloud privateca roots disable - disable a root certificate authority
SYNOPSIS
gcloud privateca roots disable (CERTIFICATE_AUTHORITY : --location=LOCATION --pool=POOL) [--ignore-dependent-resources] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Disables a root certificate authority. The root certificate authority will not be allowed to issue certificates once disabled. It may still revoke certificates and/or generate CRLs. The CA certfificate will still be included in the FetchCaCertificates response for the parent CA Pool.
EXAMPLES
To disable a root CA:
gcloud privateca roots disable prod-root --pool=prod-root-pool --location=us-west1
POSITIONAL ARGUMENTS
CERTIFICATE AUTHORITY resource - The certificate authority to disable. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument CERTIFICATE_AUTHORITY on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.

This must be specified.

CERTIFICATE_AUTHORITY
ID of the CERTIFICATE_AUTHORITY or fully qualified identifier for the CERTIFICATE_AUTHORITY.

To set the certificate_authority attribute:

  • provide the argument CERTIFICATE_AUTHORITY on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--location=LOCATION
The location of the CERTIFICATE_AUTHORITY.

To set the location attribute:

  • provide the argument CERTIFICATE_AUTHORITY on the command line with a fully specified name;
  • provide the argument --location on the command line;
  • set the property privateca/location.
--pool=POOL
The parent CA Pool of the CERTIFICATE_AUTHORITY.

To set the pool attribute:

  • provide the argument CERTIFICATE_AUTHORITY on the command line with a fully specified name;
  • provide the argument --pool on the command line.
FLAGS
--ignore-dependent-resources
This field skips the integrity check that would normally prevent breaking a CA Pool if it is used by another cloud resource and allows the CA Pool to be in a state where it is not able to issue certificates. Doing so may result in unintended and unrecoverable effects on any dependent resource(s) since the CA Pool would not be able to issue certificates.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.