Cannot remove trustpoint from ASA

Answered Question
Jun 4th, 2009

I am trying to clear out all the trustpoints on my ASA to reconfigure the ASA phone-proxy. However, I cannot remove the ctl-file asdm_CTL_File.


When I enter the command clear configure crpyto ca trustpoint I receive this error.


ERROR: The trustpoint phoneproxy_trustpoint appears to be in use. Unable to remove this trustpoint.


ERROR: Trustpoint cannot be removed There are 1 open sessions.

ERROR: The trustpoint _internal_PP_asdm_CTL_File appears to be in use. Unable to remove this trustpoint.


ERROR: Trustpoint cannot be removed There are 1 open sessions.

INFO: Be sure to ask the CA administrator to revoke your certificates.


I'm sure it's one or two commands that I am missing. Any help would be great.



Correct Answer by husycisco about 7 years 8 months ago

Hello Brett

Have you tried removing CA certificate first?

clear configure crypto ca certificate "certname"


Also try clearing crls

clear crypto ca crls


An IPSEC transform-set in use by a crypto-map, containing RSA may also be causing this. Try removing the transform-set first


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
husycisco Sat, 06/06/2009 - 03:51

Hello Brett

Have you tried removing CA certificate first?

clear configure crypto ca certificate "certname"


Also try clearing crls

clear crypto ca crls


An IPSEC transform-set in use by a crypto-map, containing RSA may also be causing this. Try removing the transform-set first


Regards

Farrukh Haroon Sun, 06/07/2009 - 01:45

If this issue is still not solved, do a "show tls-proxy sessions" and clear any in-use sessions.


Regards


Farrukh

Farrukh Haroon Fri, 06/12/2009 - 21:36

Please mention which command specifically solved your problem.


Please rate any solutions if you find them helpful.


Regards

Farrukh

Actions

This Discussion