Zeroization
Certificate and key removal is discussed as part of the [no] form of each certificate installation command above. The [no] forms described above delete certificates and keys. The “Zeroize” command simply deletes (unlinks) key files. Full file system zeroization is performed by following it with the FIPS/Secure Mode commands.
The [no] form is supported only for TA profile and identity profile. It is not supported for local certificate. Zeroization erases keys and related PKI data such as CSRs and TA profiles from the file system.
Syntax:
crypto pki zeroize
This command returns crypto pki configuration to the factory default state by deleting all certificates and related private keys. The Trust Anchor profile and switch identity profile configurations are also removed.
The [no] form is not available for the certificate command. To remove a certificate from the switch, use the clear command.