unable to delete certificate from cisco router

melvynbrown
Level 1

I have configured a Cisco router with the following configuration to practice obtaining
certificates from a Microsoft 2008 server configured as a stand-alone CA.

This part works okay, but what I am trying to do next is giving me a headache:
I am trying to delete the identity certificate but am having no luck whatsoever.

! Fa0/0 is the outside (NAT/VPN) interface, Fa0/1 the inside LAN
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 ip nat outside
 no shut

interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shut

! 101 selects the traffic to encrypt; 102 excludes that same traffic from NAT
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

! hostname and domain name must be set before the RSA key pair is generated
hostname Purley
ip domain-name acme.com

crypto key generate rsa general-keys

! trustpoint for the Windows 2008 stand-alone CA; cut-and-paste (terminal) enrollment
crypto ca trustpoint Purley
 enrollment terminal
 crl optional
 enrollment retry period 1
 enrollment retry count 10
 subject-name cn=purley.acme.com, ou=sales, o=acme ltd, l=purley, st=surrey, c=GB
 exit

! authenticate pastes in the CA certificate, enroll produces the request,
! import pastes in the certificate issued by the CA
crypto ca authenticate Purley

crypto ca enroll Purley

crypto ca import Purley certificate

! phase 1: ISAKMP with RSA-signature authentication using the certificate above
crypto isakmp enable
crypto isakmp identity hostname

crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash md5
 group 2
 lifetime 86400

! phase 2: transform set and crypto map towards the peer
crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto map VPN 10 ipsec-isakmp
 set peer 192.168.2.2
 set transform-set BOSTON
 match address 101

! NAT exemption for VPN traffic; the outside interface on this 3640 is FastEthernet0/0
! (the original line referenced FastEthernet0, which does not exist on a slot/port router)
route-map nonat permit 10
 match ip address 102

ip nat inside source route-map nonat interface FastEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.2

interface FastEthernet0/0
 crypto map VPN

copy run start

Purley#show crypto ca certificate
Certificate
  Status: Available
  Certificate Serial Number: 61E0446A000000000002
  Certificate Usage: General Purpose
  Issuer:
    cn=WIN-SQV1ABKN6Q4-CA
    dc=ACME
    dc=COM
  Subject:
    Name: purley.acme.com
    cn=purley.acme.com
    ou=sales
    o=acme ltd
    l=purley
    st=surrey
    c=GB
  CRL Distribution Point:
    file://WIN-SQV1ABKN6Q4/CertEnroll/WIN-SQV1ABKN6Q4-CA.crl
  Validity Date:
    start date: 14:46:13 UTC May 14 2012
    end   date: 14:56:13 UTC May 14 2013
  Associated Trustpoints: Purley

CA Certificate
  Status: Available
  Certificate Serial Number: 222F01C2CED6A5B94F83A17D00339E6B
  Certificate Usage: Signature
  Issuer:
    cn=WIN-SQV1ABKN6Q4-CA
    dc=ACME
    dc=COM
  Subject:
    cn=WIN-SQV1ABKN6Q4-CA
    dc=ACME
    dc=COM
  Validity Date:
    start date: 12:48:03 UTC May 14 2012
    end   date: 12:58:02 UTC May 14 2017
  Associated Trustpoints: Purley

I entered the following commands on the router to delete the certificate,
but as you can see it's telling me the certificate doesn't exist
(this method of deleting the cert has come from Richard Deal's
Complete Cisco VPN Configuration Guide).


Purley(config)#crypto ca certificate chain Purley
Purley(config-cert-chain)#no certificate 61E0446A000000000002
% Certificate not found.


Has anyone any ideas, as I am stumped?

Regards

Melvyn Brown

PS: the router is a 3640 running c3640-jk9o3s-mz.124-7.bin
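As an added example (not part of the original thread), a small Python parser for the `show crypto ca certificate` output above: it separates the identity certificate from the CA certificate, builds the certificate-chain commands that would remove only the identity certificate using the serial exactly as the router prints it, and lists certificates whose validity has already ended. The sample output is constructed from the post (trimmed to the fields used) and the function names are my own.

```python
import re
from datetime import datetime

# Constructed sample: trimmed from the "show crypto ca certificate" output in the post above.
SAMPLE_OUTPUT = """\
Certificate
  Certificate Serial Number: 61E0446A000000000002
  CRL Distribution Point:
    file://WIN-SQV1ABKN6Q4/CertEnroll/WIN-SQV1ABKN6Q4-CA.crl
  Validity Date:
    end   date: 14:56:13 UTC May 14 2013
  Associated Trustpoints: Purley

CA Certificate
  Certificate Serial Number: 222F01C2CED6A5B94F83A17D00339E6B
  Validity Date:
    end   date: 12:58:02 UTC May 14 2017
  Associated Trustpoints: Purley
"""

# "Key: value" lines only; bare headers ("Issuer:") and URLs ("file://...") do not match.
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z ]*?):(?:\s+(\S.*))?$")
DATE_FMT = "%H:%M:%S UTC %b %d %Y"   # the IOS validity-date format shown above

def parse_certificates(text):
    """One dict per certificate block; 'kind' is 'Certificate' or 'CA Certificate'."""
    certs = []
    for line in text.splitlines():
        if line and not line[0].isspace():  # an unindented line starts a new block
            certs.append({"kind": line.strip()})
        elif certs:
            m = FIELD_RE.match(line)
            if m and m.group(2):
                key = re.sub(r"\s+", " ", m.group(1))  # "end   date" -> "end date"
                certs[-1][key] = m.group(2).strip()
    return certs

def identity_removal_commands(certs, trustpoint):
    """Cert-chain sub-mode commands removing only the identity cert(s); CA cert is kept."""
    cmds = [f"crypto ca certificate chain {trustpoint}"]
    for c in certs:
        if c["kind"] == "Certificate" and c.get("Associated Trustpoints") == trustpoint:
            cmds.append(f" no certificate {c['Certificate Serial Number']}")
    return cmds

def expired_serials(certs, now_iso):
    """Serials whose 'end date' is already past at the given ISO date, e.g. '2014-01-01'."""
    now = datetime.fromisoformat(now_iso)
    return [c["Certificate Serial Number"] for c in certs
            if datetime.strptime(c["end date"], DATE_FMT) < now]
```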

2 Replies

Jennifer Halim
Cisco Employee

To delete the certificate, the following is the command:

no crypto ca trustpoint Purley

Hope that helps.

no crypto pki certificate chain <CA Server Name>
