I notice we have :
crypto pki trustpoint TP-self-signed-658104832
crypto pki certificate chain TP-self-signed-658104832
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 36353831 30343833
89E2E95E DD67B633 D97DEDC6 33D76F
and in other switch none of those appear in there running configuration.
We always use the same commande to create certificate : "crypto key generate rsa general-keys modulus 1024"
from configuration terminal mode and all switches have the same IOS version on it.... we are always use a template to configure all of our switches and after that add some specific configuration to them depending the needs....
I notice the same switch last week was not have the certification in his running configuration and today the certificate appear on it.... the only thing I had on this switch is the loggin banner and the snmp-server location string.... which I think they have'nt any relation with switch certificate.
We have notice the same issue on our switch running 2950 plate-form
Yes you can remove these from the config. All you need to do is remove the certificate and trust point. You can just copy and paste the output below to remove the certificate from your config.
no crypto pki certificate chain TP-self-signed-658104832
no crypto pki trustpoint TP-self-signed-658104832