I recently received a new used 4507R+E with dual sup7-E's. When reviewing the running configuration I noticed two trustpoints, CISCO_IDEVID_SUDI & CISCO_IDEVID_SUDI0, that look like they could be native to the chassis from Cisco but I have never seen these before on other switches. I wiped the switch issuing the erase /all non-default command but the trustpoints remain. Does anyone know what these certificates are for and if it's safe to remove them?
I also have the following files present:
16915456 bytes total (16660992 bytes free)
Directory of nvram:/
512 -rw- 4598 <no date> startup-config
513 ---- 3755 <no date> private-config
514 -rw- 4598 <no date> underlying-config
1 ---- 202 <no date> persistent-data
2 ---- 0 <no date> rf_cold_starts
3 -rw- 1058 <no date> cpu_threshold_trap.eci
5 -rw- 1528 <no date> license_trap.eci
7 -rw- 886 <no date> memory_trap.eci
8 -rw- 858 <no date> rf_trap.eci
9 -rw- 108 <no date> ma_trap_keyword
10 -rw- 1110 <no date> CiscoManufac#E663.cer
12 -rw- 1245 <no date> CiscoRootCA2#3CA.cer
14 -rw- 839 <no date> CiscoRootCA2#ADFFCA.cer
15 -rw- 0 <no date> ifIndex-table.gz
I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).
Lots more docs here.
Bottom line - if you don't want to use SCH you can safely delete them.