Solved: Crypto Key Zeroize rsa

Kenny_M8 · ‎12-12-2019

Hi all,

Currently we have some issue with ssh connection to some switch, i think rsa keys could be problem. I want to do crypto key zeroize command, but I'm afraid it will also delete crypto pki self signed part:

crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-4323392102
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4323392102
revocation-check none
rsakeypair TP-self-signed-4323392102
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 0D06092A D8F256EE 6811D95B ...

I'm not sure if we need this part at all (we don't use ip http server) ?

So my question is if I do crypto key zeroize rsa, is above key going to be deleted and after generating new crypto key is it going to generate this one as well?

Thanks,

Kenny

Georg Pauwen · ‎12-12-2019

Hello,

I just tested this, zeroizing the RSA key does not touch or affect pki self signed part.

View solution in original post

Jaderson Pessoa · ‎12-12-2019

@Kenny_M8 Hello

I hope that it can help you.

I

More information: https://books.google.com.br/books?id=GE41mDeQrLwC&pg=PA192&dq=crypto+key+zeroize+rsa&hl=pt-BR&sa=X&ved=0ahUKEwiB4avZmrDmAhXZG7kGHbiJDb0Q6AEIPzAC#v=onepage&q=crypto%20key%20zeroize%20rsa&f=false

Regards,

Jaderson Pessoa

Jaderson Pessoa
*** Rate All Helpful Responses ***

Georg Pauwen · ‎12-12-2019

Hello,

I just tested this, zeroizing the RSA key does not touch or affect pki self signed part.

Kenny_M8 · ‎12-13-2019

Thanks on answers guys.

Like Georg said, it has no affect on pki. Everything is good after deleting and generating new key.