Disabling HTTPS certificates

Disable key pairs and trust points for HTTPS cryptography certificates, which disables the HTTPS security protocol.

To shut down the HTTPS service without disabling the HTTPS certificates, execute the http server shutdown command.

When the Apache web server boots, it enables the HTTPS service only if HTTPS crypto certificates are present.

HTTP and HTTPS are mutually exclusive.

Note

HTTPS certificates must be configured and enabled for web service to function on the device.
  1. Delete the identity device certificate with the no crypto ca import command.
    device# no crypto ca import t1 certificate cert-type https
    device# show crypto ca certificates
    Trustpoint: t1
    certificate: none
    CA certificate:
    SHA1 Fingerprint=76:5B:D4:2C:CB:54:FE:6B:C5:E0:E3:FD:11:B0:88:70:80:12:C6:63
    Subject: C=US, ST=CA, L=SJ, O=BR, OU=SF, CN=SOUND/emailAddress=sravi
    Issuer: C=US, ST=CA, L=SJ, O=BR, OU=SF, CN=SOUND/emailAddress=sravi
    Not Before: Sep 19 20:56:49 2014 GMT
    Not After : Oct 19 20:56:49 2014 GMT
    purposes: sslserver
  2. Unauthenticate the trust point with the no crypto ca authenticate command.
    device# no crypto ca authenticate t1 cert-type https 
    
    device# show crypto ca certificates
    Certificate Type: none; Trustpoint: t1
    Certificate: none
    CA certificate(Client authentication): none
    CA certificate(Server authentication): none
    
  3. Enter configure terminal mode.
    device# configure terminal
  4. Disassociate the trust point from the key pair with the no keypair command.
    device(config)# crypto ca trustpoint t1
    device(config-ca-t1)# no keypair
    device(config-ca-t1)# do show running-config crypto
    crypto key label k1 rsa modulus 2048
    crypto ca trustpoint t1
      !
    !
    device(config-ca-t1)# do show crypto ca trustpoint
    Trustpoint: t1; Key-pair: none
  5. Delete the trust point with the no crypto ca trustpoint command.
    device(config)# no crypto ca trustpoint t1
    device(config-ca-t1)# do show running-config crypto
    crypto key label k1 rsa modulus 2048
    !
    device# show crypto ca trustpoint
    Trustpoint: none; Key-pair: none
    
  6. Delete the key pair with the no crypto key command.
    device(config-ca-t1)# exit
    device(config)# no crypto key label k1
    device(config)# do show running-config crypto
    % No entries found.
    
    device(config)# do show crypto key mypubkey
    key label: none
    key type: none
    key size: none
  7. Return to privileged EXEC mode with the exit command.
    device(config-ca-t1)# exit
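
A post-change check for the procedure above, as an added example that is not part of the vendor documentation: it scans a saved CLI transcript and reports any certificate, trust point, or key pair that is still present. The field names come from the outputs shown in the steps; the function name and the practice of saving the session as text are assumptions.

```python
import re

# Fields from the show outputs above whose value should read "none" after teardown.
FIELD = re.compile(
    r"^\s*(certificate|ca certificate(?:\([^)]*\))?|trustpoint|key-pair|"
    r"key label|key type|key size)\s*:\s*(.*)$", re.I)
# running-config lines that mean a key pair or trust point is still defined.
CONFIG = re.compile(r"^\s*(crypto key label \S.*|crypto ca trustpoint \S+)\s*$")
PROMPT = re.compile(r"^\s*\S+#")  # e.g. "device(config)# ..." command lines

def leftovers(transcript):
    """Return (field, value) pairs for crypto material still on the device."""
    found = []
    for line in transcript.splitlines():
        if PROMPT.match(line):
            continue  # skip the typed commands, inspect only their output
        m = CONFIG.match(line)
        if m:
            found.append(("running-config", m.group(1).strip()))
            continue
        for part in line.split(";"):  # "Trustpoint: t1; Key-pair: none"
            m = FIELD.match(part)
            if m and m.group(2).strip().lower() != "none":
                # An empty value means the details follow on the next lines.
                found.append((m.group(1).lower(), m.group(2).strip() or "<present>"))
    return found

# Constructed transcripts assembled from the outputs shown in the steps above.
AFTER_STEP_1 = """device# show crypto ca certificates
Trustpoint: t1
certificate: none
CA certificate:
SHA1 Fingerprint=76:5B:D4:2C:CB:54:FE:6B:C5:E0:E3:FD:11:B0:88:70:80:12:C6:63
purposes: sslserver
"""
AFTER_STEP_6 = """device(config)# do show running-config crypto
% No entries found.
device# show crypto ca trustpoint
Trustpoint: none; Key-pair: none
device(config)# do show crypto key mypubkey
key label: none
key type: none
key size: none
"""

if __name__ == "__main__":
    print(leftovers(AFTER_STEP_1))  # CA certificate and trust point remain
    print(leftovers(AFTER_STEP_6))  # nothing left
```

An empty result means every tracked field reads none and no crypto key or trust point lines remain in the running configuration.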