×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Is trustpoint CISCO_IDEVID_SUDI needed?

Answered Question
Oct 14th, 2014
User Badges:

I recently received a new used 4507R+E with dual sup7-E's.  When reviewing the running configuration I noticed two trustpoints, CISCO_IDEVID_SUDI & CISCO_IDEVID_SUDI0, that look like they could be native to the chassis from Cisco but I have never seen these before on other switches.  I wiped the switch issuing the erase /all non-default command but the trustpoints remain.  Does anyone know what these certificates are for and if it's safe to remove them?

I also have the following files present:


16915456 bytes total (16660992 bytes free)
Directory of nvram:/

  512  -rw-        4598                    <no date>  startup-config
  513  ----        3755                    <no date>  private-config
  514  -rw-        4598                    <no date>  underlying-config
    1  ----         202                    <no date>  persistent-data
    2  ----           0                    <no date>  rf_cold_starts
    3  -rw-        1058                    <no date>  cpu_threshold_trap.eci
    5  -rw-        1528                    <no date>  license_trap.eci
    7  -rw-         886                    <no date>  memory_trap.eci
    8  -rw-         858                    <no date>  rf_trap.eci
    9  -rw-         108                    <no date>  ma_trap_keyword
   10  -rw-        1110                    <no date>  CiscoManufac#E663.cer
   12  -rw-        1245                    <no date>  CiscoRootCA2#3CA.cer
   14  -rw-         839                    <no date>  CiscoRootCA2#ADFFCA.cer
   15  -rw-           0                    <no date>  ifIndex-table.gz

 

Correct Answer by Marvin Rhoads about 2 years 10 months ago

I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).

Lots more docs here.

Bottom line - if you don't want to use SCH you can safely delete them.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Marvin Rhoads Tue, 10/14/2014 - 16:56
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).

Lots more docs here.

Bottom line - if you don't want to use SCH you can safely delete them.

Actions

This Discussion

Related Content