Negate 'crypto pki' lines

johnlloyd_13
Level 9

All,

Can someone help me remove these lines on our 2800 router? I believe this was generated when I put the command 'ip http secure-server' and then it generated a 1024-bit crypto key.

crypto pki trustpoint TP-self-signed-1600565986

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1600565986

revocation-check none

rsakeypair TP-self-signed-1600565986

!

!

crypto pki certificate chain TP-self-signed-1600565986

certificate self-signed 01

quit

1 Accepted Solution

adamclarkuk_2
Level 4

Hi

You are correct, ip http secure-server generated this.

If you want to remove these lines, then you just need to remove the trustpoint

router(config)#no crypto pki trustpoint TP-self-signed-1600565986

As a side note, you may want to remove the RSA key that was generated as well.

View the key with the command

test#show crypto key mypubkey rsa

Key name: TP-self-signed-4294967295

Usage: General Purpose Key

Key is not exportable.

Key Data:

and then clear it with the command

test(config)#crypto key zeroize rsa TP-self-signed-4294967295

% Keys to be removed are named named 'TP-self-signed-4294967295'.

% All router certs issued using these keys will also be removed.

Do you really want to remove these keys? [yes/no]: yes

thanks for your help! :-)
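
Added example (not part of the original thread): a Python sketch that audits a saved running-config for self-signed trustpoints and builds the two cleanup commands from the answer above, and also reports whether 'ip http secure-server', the command that generated the trustpoint, is still configured. The sample config, the CORP-CA trustpoint, and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device). Assumes the usual
# IOS layout where sub-commands are indented by one space under their parent.
SAMPLE_CONFIG = """\
ip http secure-server
!
crypto pki trustpoint TP-self-signed-1600565986
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1600565986
 revocation-check none
 rsakeypair TP-self-signed-1600565986
!
crypto pki trustpoint CORP-CA
 enrollment url http://ca.example.invalid
 rsakeypair CORP-KEY
!
"""

def find_selfsigned_trustpoints(config):
    """Return {trustpoint_name: rsakeypair_name or None} for self-signed trustpoints."""
    found, name, block = {}, None, []
    for line in config.splitlines() + ["!"]:  # sentinel flushes the last block
        m = re.match(r"crypto pki trustpoint (\S+)", line)
        if m or not line.startswith(" "):
            # A new top-level line ends the previous trustpoint block, if any.
            if name and any(l.strip() == "enrollment selfsigned" for l in block):
                keys = [l.split()[1] for l in block if l.strip().startswith("rsakeypair ")]
                found[name] = keys[0] if keys else None
            name, block = (m.group(1) if m else None), []
        elif name:
            block.append(line)
    return found

def https_server_enabled(config):
    """True if 'ip http secure-server' (the command that created the trustpoint) is set."""
    return any(l.strip() == "ip http secure-server" for l in config.splitlines())

def cleanup_commands(config):
    """Config-mode commands, in the thread's order: drop the trustpoint, then its key."""
    cmds = []
    for trustpoint, key in find_selfsigned_trustpoints(config).items():
        cmds.append(f"no crypto pki trustpoint {trustpoint}")
        if key:
            cmds.append(f"crypto key zeroize rsa {key}")
    return cmds

if __name__ == "__main__":
    if https_server_enabled(SAMPLE_CONFIG):
        print("! note: ip http secure-server is still configured")
    print("\n".join(cleanup_commands(SAMPLE_CONFIG)))
```

Trustpoints enrolled with an external CA (CORP-CA in the sample) are left out of the output, so only the auto-generated self-signed material is targeted.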
