cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6560
Views
6
Helpful
3
Replies

Is trustpoint CISCO_IDEVID_SUDI needed?

gchevalley
Level 1
Level 1

I recently received a new used 4507R+E with dual sup7-E's.  When reviewing the running configuration I noticed two trustpoints, CISCO_IDEVID_SUDI & CISCO_IDEVID_SUDI0, that look like they could be native to the chassis from Cisco but I have never seen these before on other switches.  I wiped the switch issuing the erase /all non-default command but the trustpoints remain.  Does anyone know what these certificates are for and if it's safe to remove them?

I also have the following files present:


16915456 bytes total (16660992 bytes free)
Directory of nvram:/

  512  -rw-        4598                    <no date>  startup-config
  513  ----        3755                    <no date>  private-config
  514  -rw-        4598                    <no date>  underlying-config
    1  ----         202                    <no date>  persistent-data
    2  ----           0                    <no date>  rf_cold_starts
    3  -rw-        1058                    <no date>  cpu_threshold_trap.eci
    5  -rw-        1528                    <no date>  license_trap.eci
    7  -rw-         886                    <no date>  memory_trap.eci
    8  -rw-         858                    <no date>  rf_trap.eci
    9  -rw-         108                    <no date>  ma_trap_keyword
   10  -rw-        1110                    <no date>  CiscoManufac#E663.cer
   12  -rw-        1245                    <no date>  CiscoRootCA2#3CA.cer
   14  -rw-         839                    <no date>  CiscoRootCA2#ADFFCA.cer
   15  -rw-           0                    <no date>  ifIndex-table.gz

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).

Lots more docs here.

Bottom line - if you don't want to use SCH you can safely delete them.

View solution in original post

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

I believe manufacturing is starting to pre-install these to enhance customer adoption of the Smart Call Home (SCH) feature which can use https and requires a device certificate in that instance (and the certificate signing chain which are the other .cer files you see).

Lots more docs here.

Bottom line - if you don't want to use SCH you can safely delete them.

Hi,

 

I have a similar issue to this but when I remove the certificate 'no crypto pki cert CISCO_IDEVID_SUDI’  upon reload of the device it returns, how can I permanently remove it?  This cert is causing us issues.

 

Thanks

gchevalley
Level 1
Level 1

That's what I thought.

 

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: