Answer
When generating a new key pair, you must specify a certificate-ID. This certificate-ID is also used for the certificate request and again when the local certificate is loaded. To completely delete a certificate request and key pair, enter the following CLI operational mode command:
clear security pki
Two clear operations are needed: one to clear the certificate request, and another to clear the key pair.
When deleting a certificate request and key pair, the software does not delete both the certificate and the key pair simultaneously. This allows some administrators the ability to keep the same key pair and use a new certificate with them. You can delete the old certificate without destroying the old key pair.
For more information, see Understanding Certificates and PKI