Access Security Guide K/KA/KB.15.15

Local enrollment is implemented in the web UI, and the Security — SSL page is updated for the web
UI SSL server application. The Web UI does not provide general PKI configurability for all
applications, or creation or management of other device certificates.
Removal of certificates/CSRs
To remove the certificates/CSRs, use the following command:
Syntax
(config)# crypto pki clear certificate-name [Cert-Name]
Clears the CSR or certificate and its related private key.
Definitions
certificate-name
Name of the local certificate.
Zeroization
Certificate and key removal is discussed as part of the [no] form of each certificate installation
command above. The [no] forms described above delete certificates and keys. The “Zeroize”
command simply deletes (unlinks) key files. Full file system zeroization is performed by following
it with the FIPS/Secure Mode commands.
Syntax
crypto pki zeroize
This command returns crypto pki configuration to the factory default state by deleting
all certificates and related private keys. The Trust Anchor profile and switch identity
profile configurations are also removed.
zeroize
Removes all pki configuration, including profiles, certificates and keys.
NOTE: The [no] form of a certificate command removes a single certificate. This
command deletes the profiles and any certificates configured to use those profiles.
File transfer
To load a Trust Anchor Certificate against a TA Profile, execute the following command.
NOTE: The TA profile must exist for the command to succeed.
Syntax
(config)# copy tftp ta-certificate ta-profile-name <ip-addr/ipv6-addr> filename
or
copy sftp ta-certificate ta-profile-name ip-addr/ipv6-addr|host-name-str user <user-name>|username@ip-str port <TCP-port> FILE-NAME