Cisco Support Community

Unable to delete certificate from Cisco router

I have configured a Cisco router with the following configuration to practice obtaining
certificates from a Microsoft 2008 server configured as a stand-alone CA.

This part works okay, but what I am trying to do next is giving me a headache:
I am trying to delete the identity certificate but am having no luck whatsoever.

interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat outside
no shut

interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

hostname Purley
ip domain-name acme.com

crypto key generate rsa general-keys

crypto ca trustpoint Purley
enrollment terminal
crl optional
enrollment retry period 1
enrollment retry count 10
subject-name cn=purley.acme.com, ou=sales, o=acme ltd, l=purley, st=surrey, c=GB
exit

crypto ca authenticate Purley

crypto ca enroll Purley

crypto ca import Purley certificate

crypto isakmp enable
crypto isakmp identity hostname

crypto isakmp policy 10
authentication rsa-sig
encryption 3des
hash md5
group 2
lifetime 86400

crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto map VPN 10 ipsec-isakmp
set peer 192.168.2.2
set transform-set BOSTON
match address 101

route-map nonat permit 10
match ip address 102

ip nat inside source route-map nonat interface FastEthernet0 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.2

interface FastEthernet0/0
crypto map VPN

copy run start

Purley#show crypto ca certificate
Certificate
  Status: Available
  Certificate Serial Number: 61E0446A000000000002
  Certificate Usage: General Purpose
  Issuer:
    cn=WIN-SQV1ABKN6Q4-CA
    dc=ACME
    dc=COM
  Subject:
    Name: purley.acme.com
    cn=purley.acme.com
    ou=sales
    o=acme ltd
    l=purley
    st=surrey
    c=GB
  CRL Distribution Point:
    file://WIN-SQV1ABKN6Q4/CertEnroll/WIN-SQV1ABKN6Q4-CA.crl
  Validity Date:
    start date: 14:46:13 UTC May 14 2012
    end   date: 14:56:13 UTC May 14 2013
  Associated Trustpoints: Purley

CA Certificate
  Status: Available
  Certificate Serial Number: 222F01C2CED6A5B94F83A17D00339E6B
  Certificate Usage: Signature
  Issuer:
    cn=WIN-SQV1ABKN6Q4-CA
    dc=ACME
    dc=COM
  Subject:
    cn=WIN-SQV1ABKN6Q4-CA
    dc=ACME
    dc=COM
  Validity Date:
    start date: 12:48:03 UTC May 14 2012
    end   date: 12:58:02 UTC May 14 2017
  Associated Trustpoints: Purley

I entered the following commands on the router to delete the certificate,
but as you can see it's telling me the certificate doesn't exist
(this method of deleting the cert has come from Richard Deal's
Complete Cisco VPN Configuration Guide).


Purley(config)#crypto ca certificate chain Purley
Purley(config-cert-chain)#no certificate 61E0446A000000000002
% Certificate not found.


Has anyone any ideas, as I am stumped?

Regards

Melvyn brown

PS: the router is a 3640 running c3640-jk9o3s-mz.124-7.bin

1 REPLY

To delete the certificate, the following is the command:

no crypto ca trustpoint Purley

Hope that helps.
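
Added example (not part of the original thread and not Cisco code): removing a trustpoint destroys every certificate associated with it, so this sketch parses `show crypto ca certificate` output in the layout posted in the question and lists what `no crypto ca trustpoint Purley` would take with it. The function names, the trimmed sample and the space-separated trustpoint list are assumptions.

```python
import re

# Constructed sample, trimmed from the output posted in the question.
SAMPLE = """\
Certificate
  Status: Available
  Certificate Serial Number: 61E0446A000000000002
  Certificate Usage: General Purpose
  Validity Date:
    start date: 14:46:13 UTC May 14 2012
    end   date: 14:56:13 UTC May 14 2013
  Associated Trustpoints: Purley

CA Certificate
  Status: Available
  Certificate Serial Number: 222F01C2CED6A5B94F83A17D00339E6B
  Certificate Usage: Signature
  Validity Date:
    start date: 12:48:03 UTC May 14 2012
    end   date: 12:58:02 UTC May 14 2017
  Associated Trustpoints: Purley
"""

# Fields of interest; layout assumed to match the 12.4 output in the post.
FIELD = re.compile(r"\s+(Certificate Serial Number|end\s+date|Associated Trustpoints):\s*(\S.*)")
KEYS = {"Certificate Serial Number": "serial", "end date": "end",
        "Associated Trustpoints": "trustpoints"}

def parse_certs(text):
    """Return one dict per certificate block (an unindented line starts a block)."""
    certs, cur = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            cur = {"kind": line.strip(), "trustpoints": ""}
            certs.append(cur)
        elif cur is not None:
            m = FIELD.match(line)
            if m:
                name = re.sub(r"\s+", " ", m.group(1))
                cur[KEYS[name]] = m.group(2).strip()
    return certs

def removed_with(trustpoint, certs):
    """Certificates that deleting `trustpoint` would also delete."""
    # Assumption: several trustpoints on one line are space-separated.
    return [(c["kind"], c.get("serial"), c.get("end"))
            for c in certs if trustpoint in c["trustpoints"].split()]

if __name__ == "__main__":
    for kind, serial, end in removed_with("Purley", parse_certs(SAMPLE)):
        print(f"{kind}: serial {serial}, expires {end}")
```

Both the identity certificate and the CA certificate are tied to the `Purley` trustpoint, so both appear in the result.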
