Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5101
Views
5
Helpful
2
Replies

DNAC Certificates

de1denta
Level 3
Level 3

‎05-13-2019 01:31 PM

Hi,

 

Does anyone know if it is mandatory to change the DNAC self-signed certificate with one that us signed by an internal CA that contains the IP and FQDN in the SAN entry? I've read a number of setup guides and the requirement for this is not consistent.

 

Thanks

Labels:
0 Helpful
2 Replies 2

anantsiv
Cisco Employee
Cisco Employee

‎05-20-2019 07:30 PM

Hi  ,If CA signed,Both ISE & DNA-C certificate should be signed by same CA.Also please share the DNA-C and ISE version.

0 Helpful

vijha
Cisco Employee
Cisco Employee

‎05-21-2019 09:08 AM

Hi Wills,

Cisco DNA Center uses a number of certificates, such as the certificates generated by Kubernetes and the certificate used by the Kong and Credential Manager services. These certificates are issued with a validity of one year. They expire a year after the cluster is installed.

 

In Cisco DNA Center 1.2.8 and later versions, these certificates are automatically renewed for another year before they are about to expire. The user need NOT take any manual action on these Cisco DNA Center versions. Users using these versions of Cisco DNA can skip this article.

 

In Cisco DNA Center 1.2.7 and previous versions, these certificates must be manually renewed by the user. It is recommended to renew the certificates before they expire.

Please contact sac-support@cisco.com for any further queries.

Hope this helps!

 

Regards,

Vibha Jha

Cisco Sales Acceleration Center

sac-support@cisco.com

Customers Also Viewed These Support Documents