Crypto Key Zeroize Rsa - Cisco MDS 9124 - Fabric Switch Reference

Chapter 4 C Commands
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

crypto key zeroize rsa

To delete an RSA key pair from the switch, use the crypto key zeroize rsa command in configuration
mode.
Syntax Description key-pair-label
Defaults None.
Command Modes Configuration mode.
Command History Release
3.0(1)
Usage Guidelines
If you believe the RSA key pair on your switch was compromised in some way and should no longer be
used, you should delete it.
After you delete the RSA key pair on the switch, ask the CA administrator to revoke your switch's
certificates at the CA. You must supply the challenge password you created when you originally
requested the switch's certificates.
Before deleting a key pair, you should delete the identity certificates corresponding to it in various trust
points if the identity certificates exist, and then disassociate the key pair from those trust points. The
purpose of this is to prevent accidental deletion of a key pair for which there exists an identity certificate
in a trust point.
The trust point configuration, certificates, and key pair configurations are made persistent only after
Note
saving to the startup configuration. To be consistent with this configuration behavior, the delete behavior
is also the same. That is, the deletions are made persistent only after saving to the startup configuration.
Use the copy running-config startup-config command to make the certificate and key pair deletions
persistent.
Examples
The following example shows how to delete an RSA key pair called testkey.
switch# config terminal
switch(config)# crypto key zeroize rsa testkey
OL-16217-01, Cisco MDS SAN-OS Release 3.x
crypto key zeroize rsa key-pair-label
Modification
This command was introduced.
Specifies the RSA key pair to delete. The maximum size is 64
characters.
Cisco MDS 9000 Family Command Reference
crypto key zeroize rsa
4-137