I was recently trying to replace some service certificates and I accidentally associated the certificate with the wrong service. When trying to delete the certificate I was presented with an error “Certificate delete failed: Certificate cannot be deleted because it is used by 1 MP node”
The first step I did was try to figure out what service is associated with the certificate. For that I leveraged the instructions in KB 75277. Performing a GET /api/v1/trust-management/certificates/{cert-id}
I was able to identify that CBM_API service was using the certificate.
To remove it I had to run curl -k -X POST -H "Content-Type: application/json" -H 'X-NSX-Username:admin' -H 'X-NSX-Groups:superuser' -d '{"service_type":"CBM_API","node_id":"{node_id}"}' "http://localhost:7440/nsxapi/api/v1/trust-management/certificates/
{certificate_id}?action=release"
The command allowed me to unregister the component and allowed me to delete the old certificate.