Cisco Support Community
Community Member

Deleting security / trust certificates. They keep coming back

Hello Everyone,


I have an issue where I have some certs that were installed in the cluster (IPsec-trust, TVS-trust, Tomcat-trust, i.e.)  When I delete these off the pub and the subs,  they keep coming back. I have turned off replication and TVS services,  but as soon as I delete these certs they come back. Is there something such as a service that I should be shutting down that I am not??


Can anyone tell me what I am doing wrong?  I can't figure this out to save my life.


Thanks in advance for any help!!





Everyone's tags (1)

The eg tomcat certificates of

The eg tomcat certificates of the other nodes in the cluster are automatically imported as tomcat-trust and similar.

You could check the serial numbers to check if this is the case.

Hall of Fame Super Silver

These are most likely self

These are most likely self signed certs which are required if you don't upload CA signed certs. You can look at the certs to validate who signed them.


Community Member

I found the correct services

I found the correct services that need to be turned off to be able to delete certs and not have them automatically be replicated from the cluster.  The services are as follows:

Stop the Cisco Certificate Expiry Monitor and Cisco Certificate Change Notification services on all of the servers in the cluster


Refer to this Cisco document...

CreatePlease to create content