10-14-2014 02:52 PM - edited 03-07-2019 09:06 PM
I recently received a new used 4507R+E with dual sup7-E's. When reviewing the running configuration I noticed two trustpoints, CISCO_IDEVID_SUDI & CISCO_IDEVID_SUDI0, that look like they could be native to the chassis from Cisco but I have never seen these before on other switches. I wiped the switch issuing the erase /all non-default command but the trustpoints remain. Does anyone know what these certificates are for and if it's safe to remove them?
I also have the following files present:
16915456 bytes total (16660992 bytes free)
Directory of nvram:/
512 -rw- 4598 <no date> startup-config
513 ---- 3755 <no date> private-config
514 -rw- 4598 <no date> underlying-config
1 ---- 202 <no date> persistent-data
2 ---- 0 <no date> rf_cold_starts
3 -rw- 1058 <no date> cpu_threshold_trap.eci
5 -rw- 1528 <no date> license_trap.eci
7 -rw- 886 <no date> memory_trap.eci
8 -rw- 858 <no date> rf_trap.eci
9 -rw- 108 <no date> ma_trap_keyword
10 -rw- 1110 <no date> CiscoManufac#E663.cer
12 -rw- 1245 <no date> CiscoRootCA2#3CA.cer
14 -rw- 839 <no date> CiscoRootCA2#ADFFCA.cer
15 -rw- 0 <no date> ifIndex-table.gz
Solved! Go to Solution.
10-14-2014 04:56 PM
I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).
Lots more docs here.
Bottom line - if you don't want to use SCH you can safely delete them.
10-14-2014 04:56 PM
I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).
Lots more docs here.
Bottom line - if you don't want to use SCH you can safely delete them.
12-22-2017 02:38 AM
Hi,
I have a similar issue to this but when I remove the certificate 'no crypto pki cert CISCO_IDEVID_SUDI’ upon reload of the device it returns, how can I permanently remove it? This cert is causing us issues.
Thanks
10-17-2014 01:25 PM
That's what I thought.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: