
How to Delete self-signed cert under SSL trustpoint?

Day-dreamer
Level 1

Hello guys,

 

I have no idea how to delete the RSA1024 bit here, as highlighted in the picture.

Due to the weak hashing algorithm of the VA scan, we need to remove the RSA1024 bit.

Please help.

ssl.png


Hi,
Use the command "crypto key zeroize rsa" to remove all keys on an ASA. You could use the command "crypto key zeroize rsa label XXXX" to delete a specific key or "crypto key zeroize rsa default" for the default key.
HTH

Hi, I will try the command.
Thanks,

Hi,

I tried the command "crypto key zeroize rsa default" but the result is still the same.

Do you have any ideas?

Use the command "sh crypto ca certificates". Once you get the trustpoint name, issue the command "clear configure crypto ca trustpoint xxxxxx".

Here is an example

ASA5545X/act/sec# sh crypto ca certificates
CA Certificate
Status: Available
Certificate Serial Number: 29614139b9077caa45b1987169447513
Certificate Usage: Signature
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA1 with RSA Encryption
Issuer Name:
cn=.......
dc=.......
dc=.......
Subject Name:
cn=.......
dc=.......
dc=.......
Validity Date:
start date: 10:05:40 GST May 29 2018
end date: 23:39:02 GST Feb 28 2034
Storage: config
Associated Trustpoints: **************** (this is the TP name)
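
The following Python is an added example, not posted by anyone in the thread: it parses saved "show crypto ca certificates" output in the layout quoted above and lists which trustpoints hold a certificate with an RSA key under 2048 bits or an MD5/SHA1 signature. The sample text, the thresholds and the function names are assumptions.

```python
import re

# Constructed sample in the layout of the output quoted in the thread;
# subject names and trustpoint labels are made up.
SAMPLE = """\
CA Certificate
  Public Key Type: RSA (2048 bits)
  Signature Algorithm: SHA1 with RSA Encryption
  Issuer Name:
    cn=example-ca
  Associated Trustpoints: EXAMPLE-CA-TP
Certificate
  Public Key Type: RSA (1024 bits)
  Signature Algorithm: SHA256 with RSA Encryption
  Associated Trustpoints: EXAMPLE-SELF-TP
"""

MIN_RSA_BITS = 2048             # assumed policy threshold
WEAK_HASHES = {"MD5", "SHA1"}   # assumed policy list

def parse_certificates(text):
    """Return one dict of 'Field: value' pairs per certificate block."""
    certs = []
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"(?:[A-Za-z]+ )*Certificate", line):
            certs.append({"Kind": line})        # block header starts a new cert
        elif ":" in line and certs:
            key, _, value = line.partition(":")
            certs[-1][key.strip()] = value.strip()
        # name components such as "cn=..." carry no colon and are skipped
    return certs

def weak_findings(text):
    """List (trustpoint, reasons) for certs below the assumed policy."""
    findings = []
    for cert in parse_certificates(text):
        reasons = []
        bits = re.search(r"RSA \((\d+) bits\)", cert.get("Public Key Type", ""))
        if bits and int(bits.group(1)) < MIN_RSA_BITS:
            reasons.append(f"RSA key {bits.group(1)} bits")
        digest = cert.get("Signature Algorithm", "").split(" ")[0].upper()
        if digest in WEAK_HASHES:
            reasons.append(f"{digest} signature")
        if reasons:
            findings.append((cert.get("Associated Trustpoints", "?"), reasons))
    return findings
```
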

Hello Mohammend,

 

There is no trustpoint showing

Then follow the steps by RJI using the command "crypto key zeroize rsa #label#".

It is working if we run the show command below:

show crypto key mypubkey rsa (The certs are deleted)

But it is not working with show crypto ssl (the output is the same; I want to delete RSA1024 and generate a new one with 2048 bits).

I faced the same problem. Did you find a solution?
