Install Manual Certificate for SD-WAN Controllers

Available Languages

Download Options

  • PDF     (730.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (850.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (577.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 11, 2023
Document ID:220383

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the procedure to sign Software Defined Wide Area Network (SD-WAN) certificates with manual option.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco Software-defined Wide Area Network (SD-WAN)
    • Cisco SD-WAN vManage

    Components Used

    This document is based on this SD-WAN device and portal:

    • vManage Controller
    • Plug and Play Portal (PnP)

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Scope

    • This procedure is used when vManage has no connectivity to the Internet.
    • You can use this process to sign Certificate Signed Request (CSR) for new controllers or renew certificates.

    Considerations

    • The basic configuration is applied to the controllers
    • Controllers have connectivity between them

    If you need information about Controller Deployment, navigate to Cisco SD-WAN Overlay Network Bring-Up Process.

    Please visit Certificate Management if you are interested in other ways of controller SD-WAN certification.

    Sign Certificate

    Scenario 1. Certificate for New Controller

    Step 1. Log in to vManage.

    Step 2. Navigate to  Main Menu > Configuration > Devices > Controller > Add Controller.

    Selection for ControllerSelection for controller

    Step 3. Fill in the controller information and check  Generate CSR  box as shown in this image.

    Controller InformationController Information

    Step 4. Download CSR file from  Main Menu > Configuration > Certificates > Controllers > Three dots > View CSR.

    Certificate RequestCertificate request

    Step 5. Log into PnP Portal.

    Step 6. Navigate to  Main Menu > Certificates > + Generate Certificate.

    Plug and Play Portal CertificatePlug and Play portal certificate

    Step 7. Fill in certificate information, then click Next and finally Submit.

    Certificate InformationCertificate information

    Step 8. Download Certificate Signed.

    Step 9. Navigate to  Main Menu > Configuration > Devices > Controllers > Install Certificate.

    Certificate ControllerCertificate controller

    Step 10. Wait for a bit while the certificate is sent to the controller. Once it is done, you see this:

    Certificate InstallationCertificate installation

    Scenario 2. Renew Certificate for Controller

    Step 1. Log in to vManage.

    Step 2. Navigate to  Main Menu > Configuration > Certificates > Controller > Three Dots > Generate CSR.

    CSR GenerateCSR generate

    Step 3. Once you downlaod the CSR, perform Step 5. to Step 10. from the Scenario 1.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    12-Apr-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Carlos Fernando Machorro Arvizu
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products