Tuesday, June 11, 2013

Clearing Cisco Self Signed Certificates and Keys

Quick post here, for future reference for myself and anyone else with this issue. As you may know (or will find out), if you copy a config from one device to another, you'll need to generate new keys and certificates on the destination for both your SSH connection and HTTPS: the RSA private keys are never part of the running config, so a pasted config carries at most a certificate with no matching key. Another issue is if you are using CCP and accidentally deny the use of one of your managed devices because you didn't trust the self-signed cert in the CCP pop-up window (I did this accidentally). If you don't want to hunt for the cert in IE, and are using lab equipment, here are the quick and easy fixes for removing the existing self-signed certificate and RSA keys, for both HTTPS and for the SSH/general-purpose keys:

First, run a show run to find the name of the trustpoint behind your self-signed certificate. This example covers regenerating your HTTPS certificate. Once you find the name, you can put a "no" in front of that line to remove it. If you need to generate a new SSH key, I recommend doing this over a console connection so you don't lose your SSH connection when the old key is zeroized. After that you can regenerate the new keys. Two caveats for anything outside a lab: the warning about destroying certificates "received from the related Certificate Authority" only matters for trustpoints that were enrolled with a real CA (a self-signed trustpoint has nothing to revoke, so don't remove a CA-enrolled trustpoint by mistake), and a 1024-bit modulus is below today's minimums, so use 2048 bits or more wherever the image allows it.

My show run displayed this for the trustpoint name, along with the beginning of the self-signed certificate that goes with it (the RSA private keys themselves never appear in a show run, which is why they don't come across with a pasted config):

!
crypto pki trustpoint TP-self-signed-815397456
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-815397456
 revocation-check none
 rsakeypair TP-self-signed-815397456
!
!
crypto pki certificate chain TP-self-signed-815397456
 certificate self-signed 01

  30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030

I then used the following commands to wipe my existing self-signed certificate, zeroize the old RSA keys and generate new ones. Note that the yes/no prompts need a typed answer, and that re-enabling the HTTPS server at the end is what makes IOS generate the replacement self-signed certificate and its key pair:


ISP_1(config)#no crypto pki trustpoint TP-self-signed-815397456
% Removing an enrolled trustpoint will destroy all certificates
 received from the related Certificate Authority.

Are you sure you want to do this? [yes/no]: y
% Be sure to ask the CA administrator to revoke your certificates.

ISP_1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: y
ISP_1(config)#crypto key generate rsa
The name for the keys will be: ISP_1.isp.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

ISP_1(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

ISP_1(config)#
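Here is an added example (my own code for this writeup, not part of the original post or anything from Cisco) that scans a saved copy of show run for self-signed trustpoints and prints the same command sequence as above. It goes a little beyond the transcript: it only removes trustpoints that are enrolled selfsigned, and when the config also holds a CA-enrolled trustpoint it zeroizes the self-signed key pair by label instead of wiping every RSA key, since a blanket zeroize would destroy the key behind the CA-issued certificate. The hostname, the LAB-CA trustpoint, the URL and the certificate bytes in the sample are constructed, and the 2048-bit minimum is my choice, not something the post's IOS prompt enforces.

```python
"""Scan a saved `show running-config` for IOS self-signed trustpoints and
print the CLI sequence that removes them, zeroizes the RSA keys and
regenerates them. Added example, not code from the original post."""
import re
import sys

# Constructed sample modelled on the post's `show run` excerpt; the LAB-CA
# trustpoint, its URL and the certificate bytes are made up for illustration.
SAMPLE_RUN = """\
hostname ISP_1
!
crypto pki trustpoint TP-self-signed-815397456
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-815397456
 revocation-check none
 rsakeypair TP-self-signed-815397456
!
crypto pki trustpoint LAB-CA
 enrollment url http://ca.lab.example/
 revocation-check crl
 rsakeypair LAB-CA
!
crypto pki certificate chain TP-self-signed-815397456
 certificate self-signed 01
  30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  quit
!
ip http secure-server
ip ssh version 2
"""

TRUSTPOINT_RE = re.compile(r"^crypto pki trustpoint (\S+)\s*$")


def parse_trustpoints(config):
    """Return {name: {"selfsigned": bool, "rsakeypair": label or None}} for
    every `crypto pki trustpoint` block; sub-commands are the indented lines
    that follow the header, exactly as IOS prints them."""
    trustpoints = {}
    current = None
    for line in config.splitlines():
        header = TRUSTPOINT_RE.match(line)
        if header:
            current = {"selfsigned": False, "rsakeypair": None}
            trustpoints[header.group(1)] = current
            continue
        if current is None or not line.startswith(" "):
            current = None  # a non-indented line (e.g. "!") ends the block
            continue
        words = line.split()
        if words[:2] == ["enrollment", "selfsigned"]:
            current["selfsigned"] = True
        elif len(words) >= 2 and words[0] == "rsakeypair":
            current["rsakeypair"] = words[1]
    return trustpoints


def cleanup_commands(config, modulus=2048):
    """Build the command sequence the post applies by hand. Only self-signed
    trustpoints are removed. If the config also holds a CA-enrolled
    trustpoint, a blanket `crypto key zeroize rsa` would destroy the key
    behind its CA-issued certificate (the case the IOS warning is about),
    so the self-signed key pairs are zeroized by label instead."""
    if modulus < 2048:  # assumption: our own floor, the post used 1024 in a lab
        raise ValueError("1024-bit RSA is below current minimums; use 2048 or larger")
    trustpoints = parse_trustpoints(config)
    selfsigned = [n for n, tp in trustpoints.items() if tp["selfsigned"]]
    ca_enrolled = [n for n, tp in trustpoints.items() if not tp["selfsigned"]]

    cmds = [f"no crypto pki trustpoint {name}" for name in selfsigned]
    if ca_enrolled:
        for name in selfsigned:
            label = trustpoints[name]["rsakeypair"] or name
            cmds.append(f"crypto key zeroize rsa {label}")
    else:
        cmds.append("crypto key zeroize rsa")
    # Fresh general-purpose (SSH) key. IOS prompts before replacing an existing
    # one, which is why this belongs on a console session rather than a paste.
    cmds.append(f"crypto key generate rsa modulus {modulus}")
    # Re-enabling the HTTPS server is what makes IOS mint a new self-signed
    # trustpoint and certificate, as the post's transcript shows.
    if "ip http secure-server" in config.splitlines():
        cmds += ["no ip http secure-server", "ip http secure-server"]
    return cmds


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RUN
    print("\n".join(cleanup_commands(text)))
```

Run it as python cleanup.py saved-show-run.txt and paste the output into a console session, answering the yes/no prompts yourself; the script deliberately does not try to drive the device, because the trustpoint removal and key replacement prompts are the moment you want a human reading the warning.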

The issue I experienced was that I swapped hardware for my ISP and datacenter edge lab routers: my ISP router has a more advanced IOS image and more RAM, and with it I can run IOS IPS and the zone-based firewall. I just need the ISP router to route, and I wanted these security functions for my lab purposes. So when I swapped the config files, I didn't paste in the keys (I'm using PuTTY, and generally pasting in that much information causes fun things to happen), but realized I needed to wipe my existing self-signed cert and SSH keys and create new ones for both devices.

46 comments:

  1. It worked! Thanks a lot.

  2. This comment has been removed by the author.

  3. You can never tell how things can be useful until you need them.
    Thank you for sharing.

  4. I am trying to remove the crypto keys in order to totally reset the switch (Cisco 3850).
    I have tried to remove them as you've shown above, although on a reboot, it just generates new ones again.
    Does anyone know of a way to completely remove the crypto keys along with the way it generates them?
