DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode.enable
Example:
Device> enable
Step 1
•
Enter your password if prompted.
Enters global configuration mode.configure terminal
Example:
Device# configure terminal
Step 2
Deletes all Rivest, Shamir, and Adelman (RSA) keys from
your device.
crypto key zeroize rsa [key-pair-label]
Example:
Device(config)# crypto key zeroize rsa
Step 3
Exits global configuration mode and returns to privileged
EXEC mode.
end
Example:
Device(config)# end
Step 4
What to Do Next
After you delete RSA keys from the device, you should also complete the following two additional tasks:
•
Ask the CA administrator to revoke the device certificates at the CA; you must supply the challenge
password that you created when you originally obtained the device certificates with the crypto pki
enroll command.
•
Manually remove the device certificates from the device configuration.
Deleting Public Keys for a Peer
Under certain circumstances you may want to delete RSA public keys of peer devices from your device
configuration. For example, if you no longer trust the integrity of the public key of a peer, you should delete
the key.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
crypto key pubkey-chain rsa
4.
no named key key-name [encryption | signature]
5.
end
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1156
Monitoring and Maintaining Certification Authority