Zeroization

Certificate and key removal is discussed as part of the no form of each certificate installation command above. The no forms described above delete certificates and keys. The “Zeroize” command simply deletes (unlinks) key files. Full file system zeroization is performed by following with FIPS/Secure Mode commands.

The no form is supported only for TA profile and identity profile. It is not supported for local certificate. Zeroization erases keys and related PKI data such as CSRs and TA profiles from the file system.

Syntax:


crypto pki zeroize

This command returns crypto pki configuration to the factory default state by deleting all certificates and related private keys. The Trust Anchor profile and switch identity profile configurations are also removed.

zeroize

Removes all pki configuration, including profiles, certificates and keys.

NOTE:

The no form is not available for the certificate command. To remove a certificate from the switch, use the clear command.