Cisco MDS 9000 Series Configuration Manual page 147

Security

Configuring Certificate Authorities and Digital Certificates
Configuring a CRL
To import the CRL from a file to a trust point, follow these steps:
Procedure
Step 1
switch# copy tftp:adminca.crl bootflash:adminca.crl
Downloads the CRL.
Step 2
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 3
switch(config)# crypto ca crl request admin-ca bootflash:adminca.crl
Configures or replaces the current CRL with the one specified in the file.
Deleting Certificates from the CA Configuration
You can delete the identity certificates and CA certificates that are configured in a trust point. You must first
delete the identity certificate, followed by the CA certificates. After deleting the identity certificate, you can
disassociate the RSA key-pair from a trust point. Certificate deletion is necessary to remove expired or
revoked certificates, certificates whose key-pairs are compromised (or suspected to be compromised), or CAs
that are no longer trusted.
To delete the CA certificate (or the entire chain in the case of a subordinate CA) from a trust point, follow
these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto ca trustpoint myCA
Enters trustpoint configuration submode.
Step 3
switch(config-trustpoint)# delete ca-certificate
Deletes the CA certificate or certificate chain.
Step 4
switch(config-trustpoint)# delete certificate
Deletes the identity certificate.
Step 5
switch(config-trustpoint)# delete certificate force
Forces the deletion of the identity certificate.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x