https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499783#M2772 <HTML><HEAD></HEAD><BODY><P>Hi Claudia,</P><P></P><P>there are two ways a certificate will be created on a switch (not access point).</P><P>1) If you click on device certificate, then APIC-EM will create and download a certificate to the device.&nbsp; This&nbsp; certificate can be used by SSH etc.</P><P>2) If you have "ip https server" in the config, then the device will create a self signed certificate.</P><P></P><P>#1 is probably preferable.</P><P></P><P>If you wanted to add/create other certificates, you would need to do this outside of PnP, possibly using an EEM script etc.</P><P></P><P>Does this answer your question?</P><P></P><P>Adam</P></BODY></HTML> Mon, 19 Dec 2016 03:41:56 GMT aradford 2016-12-19T03:41:56Z https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499781#M2770 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Id like to get a better understanding of the certificate process in APIC-EM.&nbsp; </P><P></P><P>What happens if we say Device Certificate = False?&nbsp; the PNP communication takes place in clear text?&nbsp; If&nbsp; i then need a cert to establish ssh access, how does that happen as that is typically an interactive process.</P><P></P><P>If we do say "True" we now have a PNP certificate on the device.&nbsp; What if the APIC-EM provisioning step is a one time thing.&nbsp; Should we leave the cert there.&nbsp; What if we want to create another certificate for general ssh login access different from the PNP cert?</P><P></P><P>I suspect that all these questions are a clear indication I don't have a good grasp of this process!</P><P></P><P>Thanks for any info or pointers!</P><P></P><P>Claudia</P><P></P><P></P><TABLE border="0" cellpadding="0" cellspacing="0" style="width: 126px;"><TBODY><TR><TD height="20" width="126">Device Certificate*</TD></TR><TR><TD align="center" height="20">False</TD></TR></TBODY></TABLE></BODY></HTML> Fri, 01 Mar 2019 12:34:43 GMT https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499781#M2770 Claudia de Luna 2019-03-01T12:34:43Z https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499782#M2771 <HTML><HEAD></HEAD><BODY><P><A href="http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/software/guide/pnp_apic_em_config_guide/pnp_apic_em_config_guide_chapter_01.html?referring_site=RE&amp;pos=1&amp;page=http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guide/pnp-solution-guide.html" title="http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/software/guide/pnp_apic_em_config_guide/pnp_apic_em_config_guide_chapter_01.html?referring_site=RE&amp;pos=1&amp;page=http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guide/pnp-solution-guide.html">Configuration Guide for Cisco Network Plug and Play on Cisco APIC-EM - Configuring Cisco Network Plug and Play [Cisco …</A></P><P></P><P><SPAN style="color: #525252; font-family: arial, helvetica, 'Helvetica Neue', HelveticaNeue, 'Lucida Grande', sans-serif; font-size: 14px;">Check the </SPAN><STRONG style="font-size: 14px; font-family: arial, helvetica, 'Helvetica Neue', HelveticaNeue, 'Lucida Grande', sans-serif; color: #525252;">Device Certificate</STRONG><SPAN style="color: #525252; font-family: arial, helvetica, 'Helvetica Neue', HelveticaNeue, 'Lucida Grande', sans-serif; font-size: 14px;"> check box to apply the device certificate on the device. Cisco Network Plug and Play automatically generates and deploys the PKCS12 device ID certificate. Device Certificate is not supported on access point devices.</SPAN></P></BODY></HTML> Thu, 15 Dec 2016 21:09:36 GMT https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499782#M2771 sairasan 2016-12-15T21:09:36Z https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499783#M2772 <HTML><HEAD></HEAD><BODY><P>Hi Claudia,</P><P></P><P>there are two ways a certificate will be created on a switch (not access point).</P><P>1) If you click on device certificate, then APIC-EM will create and download a certificate to the device.&nbsp; This&nbsp; certificate can be used by SSH etc.</P><P>2) If you have "ip https server" in the config, then the device will create a self signed certificate.</P><P></P><P>#1 is probably preferable.</P><P></P><P>If you wanted to add/create other certificates, you would need to do this outside of PnP, possibly using an EEM script etc.</P><P></P><P>Does this answer your question?</P><P></P><P>Adam</P></BODY></HTML> Mon, 19 Dec 2016 03:41:56 GMT https://community.cisco.com/t5/controllers/better-understanding-of-the-device-certificate-process/m-p/3499783#M2772 aradford 2016-12-19T03:41:56Z