Removing Self-assigned RSA Key
01 May 2014
When enabling Cisco router's http server, it automatically generates a self-signed certificate which is good but when you decided to turn off the http server, it will then leave a self-signed certificate making running-config a bit messy. Here are the steps to remove the self-signed certificated if it's no longer needed.
cisco887(config)#show crypto key mypubkey rsa
cisco887(config)#no crypto pki trustpoint TP-self-signed-483521904
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.
Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.
cisco887(config)#crypto key zeroize rsa TP-self-signed-483521904
% Keys to be removed are named named 'TP-self-signed-4294967295'.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes