Deleting Certificates From The Ca Configuration; Deleting Rsa Key-Pairs From Your Switch - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Fabric manager configuration guide, release 4.x

Configuring CAs and Digital Certificates
Step 2
Click the Trust Point Actions tab in the Information pane.
Step 3
Select the crlimport option from the Command drop-down menu to import the CRL to the selected trust
point.
Step 4
Enter the input file name with the CRL in the bootflash:filename format, in the URL field.
Step 5
Click Apply Changes to save the changes.

Deleting Certificates from the CA Configuration

You can delete the identity certificates and CA certificates that are configured in a trust point. You must
first delete the identity certificate, followed by the CA certificates. After deleting the identity certificate,
you can disassociate the RSA key-pair from a trust point. The certificate deletion is necessary to remove
expired or revoked certificates, certificates whose key-pairs are compromised (or suspected to be
compromised) or CAs that are no longer trusted.
To delete the CA certificate (or the entire chain in the case of a subordinate CA) from a trust point using
Fabric Manager, follow these steps:
Step 1
Click Switches > Security > PKI in the Physical Attributes pane.
Step 2
Click the Trust Point Actions tab in the Information pane.
Step 3
Select the cadelete option from the Command drop-down menu to delete the identity certificate from a
trust point.
Note
If the identity certificate being deleted is the last-most or only identity certificate in the device,
you must use the forcecertdelete action to delete it. This ensures that the administrator does not
mistakenly delete the last-most or only identity certificate and leave the applications (such as
IKE and SSH) without a certificate to use.
Step 4
Click Apply Changes to save the changes.

To delete the identity certificate, click the Trust Point Actions tab and select the certdelete or
forcecertdelete in the Command drop-down menu.

Deleting RSA Key-Pairs from Your Switch

Under certain circumstances you may want to delete your switch's RSA key-pairs. For example, if you
believe the RSA key-pairs were compromised in some way and should no longer be used, you should
delete the key-pairs.
To delete RSA key-pairs from your switch, follow these steps:
Step 1
Expand Switches > Security and then select PKI in the Physical Attributes pane.
Step 2
Click the RSA Key-Pair tab in the Information pane.
Step 3
Click Delete Row.
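
The ordering rules in the two procedures above (identity certificate before CA certificate, forcecertdelete for the last identity certificate on the device, key-pair deletion last) can be checked before anyone clicks Apply Changes. The following Python is an added example, not Cisco code: the TrustPoint inventory record, the plan_removal helper and the sample data are hypothetical, and the refusal to delete a key-pair that another trust point still references is an added safety assumption, not a rule stated in this guide.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class TrustPoint:                      # hypothetical inventory record, not a Fabric Manager object
    name: str
    has_identity_cert: bool
    has_ca_cert: bool
    rsa_keypair: Optional[str] = None  # label of the associated key-pair, if any

def plan_removal(device: List[TrustPoint], target: str,
                 delete_keypair: bool = False) -> List[Tuple[str, str]]:
    """Return the ordered (object, Fabric Manager action) steps to empty `target`."""
    tp = next((t for t in device if t.name == target), None)
    if tp is None:
        raise KeyError(f"unknown trust point: {target}")
    others = [t for t in device if t.name != target]
    steps: List[Tuple[str, str]] = []
    if tp.has_identity_cert:
        # The last or only identity certificate on the device needs forcecertdelete.
        last_one = not any(t.has_identity_cert for t in others)
        steps.append((target, "forcecertdelete" if last_one else "certdelete"))
    if tp.has_ca_cert:
        # The CA certificate (or chain) is removed only after the identity certificate.
        steps.append((target, "cadelete"))
    if delete_keypair and tp.rsa_keypair:
        # Added assumption: never delete a key-pair another trust point still references.
        users = [t.name for t in others if t.rsa_keypair == tp.rsa_keypair]
        if users:
            raise ValueError(f"key-pair {tp.rsa_keypair} still used by {users}")
        steps.append((tp.rsa_keypair, "Delete Row"))
    return steps

# Constructed sample inventory: two trust points, each with its own key-pair.
DEVICE = [
    TrustPoint("tp-ike", True, True, "key-a"),
    TrustPoint("tp-ssh", True, True, "key-b"),
]

if __name__ == "__main__":
    for obj, action in plan_removal(DEVICE, "tp-ike", delete_keypair=True):
        print(f"{obj}: {action}")
```
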
Chapter 43
Configuring Certificate Authorities and Digital Certificates
OL-17256-03, Cisco MDS NX-OS Release 4.x
